Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

The Push Flag is used by the sending side to mark that it is end of a data chunk (Ex. end of data header or data body being sent). This tells the TCP layer on the receiving side to flush the received data to the receiving application without waiting for the receive buffer to be filled. The setting of the Push Flag is usually not controlled by the sending application, but by the sending TCP layer. Most modern TCP/IP stacks set the PSH bit at the end of the buffer supplied to send() . The Push Flag helps the receiving side to optimize throughput by bundling data into logical chunks.

(from : http://smallvoid.com/article/winnt-tcp-push-flag.html)

My guess is that one of the applications calculates the MSS itself to send blocks of data of MSS bytes to the TCP layer (in which case I find it strange that it also uses 32768 byte blocks, it could just keep sending segments of MSS length) and the other just sends blocks of 32768 bytes to the TCP layer. In the first case all packets will have the PSH bit set and in the second case only the last segment of the 32768 byte block will have the PSH bit set.

Which application was quicker? Are you able to share the capture files on a public fileservice like Dropbox, GoogleDrive, OneDrive etc? If not, which SFTP clients are you testing?