Ask Your Question
0

When I use the "bytes sent since last PSH flag"?

asked 2021-07-16 03:20:41 +0000

yves gravatar image

Hi,

Please explain to me how can I use the "bytes sent since last PSH flag" in TCP [SEQ/ACK analysis] info.

As far as I know, We can refer to the "Bytes in flight" filed to get the picture for the Congestion window.

I found in my trace that the "bytes sent since last PSH flag" field value and "bytes in flight" field one show different values.

Please explain to me what is the case those two filed show different values.

Thank you in advance. Yves

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2021-07-16 08:04:34 +0000

grahamb gravatar image

updated 2021-07-16 13:36:15 +0000

They are two different things that aren't related, hence the different sizes.

Bytes in flight is the number of bytes transmitted since the last ACK received.

Bytes since the last PSH flag is the number of transmitted since the last segment with the PSH flag set was transmitted. Some info on how the PSH flag is handled by both sender and receiver can be found here.

edit flag offensive delete link more

Comments

Thank you for your input

yves gravatar imageyves ( 2021-07-19 05:20:41 +0000 )edit
0

answered 2021-07-16 13:17:35 +0000

BigFatCat gravatar image

When the sender wants the receiver to send all its data in its buffer to the application, it will send a TCP PUSH. There are usually two reasons for this: the TCP CWND is full or it is time sensitive application. It is expected that the receiver will respond with an updated ACK. If there is no response, there could be a problem. The exception if it is a FIN or RESET. The bytes in flight, are bytes that Wireshark hasn't seen an ACK for. It's important to know the location of the sniffer because it affects when Wireshark sees the response to the TCP PUSH.

edit flag offensive delete link more

Comments

Can you explain to me in more detail about the meaning of " It's important to know the location of the sniffer because it affects when Wireshark sees the response to the TCP PUSH."?

yves gravatar imageyves ( 2021-07-19 05:20:28 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-07-16 03:20:41 +0000

Seen: 1,152 times

Last updated: Jul 16 '21