This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

FIN, PSH, ACK Combined in Single Packet (Ordering?)

0

All,

I'm having issues with 2 applications applications as follows:

  • The Client and Server establish a TCP connection with SYN / ACK exchange no problem
  • The client sends a payload to the server again without any issues as follows:
  • Client > Server [PSH,ACK] Includes Payload
  • The server gets this message (I can see it in the app log)
  • Server > Client [ACK]
  • Server > Client [POS,ACK] Not really sure what this is but seems to just contain control data
  • Server > Client [FIN, PSH, ACK] Contains Response
  • Client never gets this payload, or at least i don't see it in the logs
  • Client > Server [ACK]
  • Client > Server [FIN,ACK]
  • Server > Client [ACK]

What i would like to know is:

  1. Is it allowed to send FIN, PSH and ACK in a single packet?
  2. Does the order of the tags matter; in my example FIN is sent before the PSH by the Server...so is the client closing the connection (the order of the tages is what i see in wireshark)

asked 26 May '15, 16:27

Chris%20Thompson's gravatar image

Chris Thompson
1111
accept rate: 0%

One Answer:

2

To the first question, yes this is allowed and normal. If it's the last data to be sent, the most efficient way to 1) acknowledge the previous data 2) indicate no new data is coming and 3) indicate that the data should be pushed to the application without any delay on upcoming data would be to set those three flags.

To the second question, the order of the flags in a single TCP packet are fixed, so there's no way to actually change the order as you say. You're just seeing the order that Wireshark analysis of set and unset flags displays, but there are nine flags in a fixed position in the "Flags" field of the TCP header, set or unset, always in the same order.

answered 26 May '15, 18:15

Quadratic's gravatar image

Quadratic
1.9k6928
accept rate: 13%