[Snort-users] Huge ACK's - somewhat off topic
Deterding, Brent D.
DeterdingB at ...908...
Thu Nov 30 21:18:44 EST 2000
Not the perfect place for this question probably, but the best place
I know of. I'm on a DSL line and bandwidth is a big deal. On this prticular
network (fraternity house) there's a mix of Windows and 2 linux boxes. The
Windows boxen seem to send a full packet for ACKs. DSL seems to impose a
small window size as well, btw. This is what I see on file transfers:
receive two packets - total length in IP header= 1500 - total
capture length = 1514 - Window size = 32120
send an ack - total length in IP header= 40 - total capture length=
1514 - Window size = 8760
receive two packets- total length in IP header= 1500 - total capture
length = 1514 - Window size = 65160
send an ack - total length in IP header= 52 - total capture length =
66 - Window size = 31856
The problem: Windows boxes transmit half as much as they receive. When you
have a 128 kbit pipe up and a 768 kbit pipe down this can be a problem!
ALSO, sometimes the windows box sees two packets before sending an ack, but
half the time it's only one packet. What gives?
Any ideas? thanks!
More information about the Snort-users