This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to know the sender of the ACK

0

I'd like to know the sender of the ACK received.

I mean, if the ACK received is from the layer itself (TCP, etc..) or from the server I've just contacted (e.g. they received the package, and they sent me an ACK confirming they received it.)

In the ACK data, how can I know this kind of information. Could it be the source port?

Thanks.

asked 19 Nov '12, 09:34

rogcg's gravatar image

rogcg
1112
accept rate: 0%

edited 19 Nov '12, 09:35


One Answer:

0

You receive ACKs from the TCP stack of the receiving node. Packets sent from the client are Acknowledged by the TCP stack of the server and vice versa. Acknowledge numbers are based on the sequence number plus the payload size of the packet received. The have nothing to do with ports, except that sequences are kept per TCP session, which is based on ports.

answered 19 Nov '12, 09:52

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

so how can I know whos is the sender? All ACK's will be received from TCP stack, even if the client is sending it, the TCP stack will acknowledge it to me? So I'm not able to know if it's comming from the TCP layer or the client itself?

(19 Nov '12, 10:21) rogcg

even if the client is sending it, the TCP stack will acknowledge it to me?

it's not the client application that is sending the data. It's the TCP/IP stack of the OS (unless you have client software that operates at a real low level).

The client opens a TCP connection and then it reads/write from/to that connection by calling OS system calls.

I'm sure you will find the following tutorial about network programming interesting. I picked just the first link from a google search.

http://beej.us/guide/bgnet/output/html/multipage/index.html

(19 Nov '12, 11:29) Kurt Knochner ♦

I.e., the application/library/daemon code on the client or the server sends data by writing it to the networking stack; the networking stack encapsulates it in TCP segments, encapsulates those into IP datagrams, and sends them over a network.

The TCP stack also either sends ACKs in packets by themselves or in a data segment - the application/library/daemon code on the client or the server has nothing to do with sending those ACKs (again, unless you have client or server software that operates at a real low level).

(19 Nov '12, 19:35) Guy Harris ♦♦