Search code examples
network-programmingtcpwiresharkpcaptcpdump

TCP Server sends [ACK] followed by [PSH,ACK]

I am working on a high-performance TCP server, and I see the server not processing fast enough on and off when I pump high traffic using a TCP client. Upon close inspection, I see spikes in "delta time" on the TCP server. And, I see the server sending an ACK and 0.8 seconds later sending PSH,ACK for the same seqno. I am seeing this pattern multiple times in the pcap. Can experts comment on why the server is sending an ACK followed by a PSH,ACK with a delay in between?

TCP SERVER PCAP

Solution

  • To simplify what ACK and PSH means

    • ACK will always be present, it simply informs the client what was the last received byte by the server.
    • PSH tells the client/server to push the bytes to the application layer (the bytes forms a full message).

    The usual scenario you are used to, is more or less the following:

    1. The OS has a buffer where it stores received data from the client.
    2. As soon as a packet is received, it is added to the buffer.
    3. The application calls the socket receive method and takes the data out of the buffer
    4. The application writes back data into the socket (response)
    5. the OS sends a packet with flags PSH,ACK

    Now imagine those scenarios:

    • step 4 does not happen (application does not write back any data, or takes too long to write it)

      => OS acknowledge the reception with just an ACK (the packet will not have any data in it), if the application decides later on to send something, it will be sent with PSH,ACK.

    • the message/data sent by the server is too big to fit in one packet:

      • the first packets will not have PSH flag, and will only have the ACK flag
      • the the last packet will have the flags PSH,ACK, to inform the end of the message.