Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

When the sender wants the receiver to send all its data in its buffer to the application, it will send a TCP PUSH. There are usually two reasons for this: the TCP CWND is full or it is time sensitive application. It is expected that the receiver will respond with an updated ACK. If there is no response, there could be a problem. The exception if it is a FIN or RESET. The bytes in flight, are bytes that Wireshark hasn't seen an ACK for. It's important to know the location of the sniffer because it affects when Wireshark sees the response to the TCP PUSH.