How TCP Works - Selective Acknowledgment (SACK)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
welcome to this video on TCP sac my name is Chris from packet pioneer and today we're gonna talk about this TCP option so go ahead and get out your copy of Wireshark and follow right along so to start the conversation about TCP sac first I just want to stress that it's very important that we understand how TCP sequence numbers work so if you haven't done so already go ahead and click on the TCP sequence number video that I have on my channel here and make sure you've already seen that one so when interacting with an application a client often sends data to the server and data comes back in the other direction well when packets are in flight sometimes what can happen is one or more packets can get lost now this is what we know as packet loss well rather than resetting the entire stream of data after the loss point what a server can do is indicate through acknowledgment numbers and through TCP sac specifically what sequence numbers went missing so once the client receives those acknowledgments from the server it knows exactly which sequence numbers need to be retransmitted so let's take a closer look at exactly how this works so here we've simplified our packet stream just a little bit but just for purposes of conversation each one of these streams are packets that you see here let's just say that it contains in its payload 100 bytes of data so as this goes along imagine again one of them goes missing okay so to acknowledge that data the server will initially send an acknowledgment for those first two packets that we see now those sequence numbers will be from 1 to 201 so the first packet that we see there that's 1 to 101 and the second one is 101 to 201 so to acknowledge both of those the server can send back an acknowledgement number of 201 and that'll take care of both of those however we have a gap here right so the fourth and fifth packet that arrived at the server it too can acknowledge those now these will represent sequence number 301 to 501 so the one that we have missing in the middle is what the server here wants to indicate back to the client so it will acknowledge 201 that will be listed in Wireshark as a duplicate ACK well why because well we see that act number a second time the server is basically saying hey client I'm good through act number 201 I received those first two packets however it can use its TCP options within that packet to indicate the selected acknowledgment left edge of 301 and the right edge of 501 so here again the service and I'm good to 201 I've received 301 to 501 but what I'm missing is this one right in the middle so in a way it's saying please resend 201 to 301 now hopefully the client gets the hint and goes ahead and sends that retransmission but to really see how this works within Wireshark let's go ahead and open up a trace file and really dig into it to see how it works okay so here I am in this trace file it's just a simple TCP conversation between a client and server here we have our handshake we can see our network round-trip time and then data begins to go in flight so the client sends I get to the server and then the server begins to send packets along back to the client well if I look at my intelligent scroll bar over here I can see that I have some black lines that means there's some ugliness there from a TCP perspective so I'm just gonna scroll down to that and I can see in the sequence numbers coming from that server there was a gap in sequence numbers that's why Wireshark tells me hey previous segments not captured there was a gap here so let's go ahead and take a look at the sequence number there on that packet or better yet let's go to the one just before it I'm just going to bring up my packet details here I'm gonna open up the TCP header values and I can see the sequence number of this packet 45 to 61 I'm transmitting 14 60 bytes that means my next starting sequence number should be 46 721 all right so just remember that 46 721 well the act coming back from the client acknowledges 46 721 so we are good to packet 52 well the next packet that comes in 59 861 that means we are missing all sequence numbers between 46 7 21 and 59 861 this was the next packet that we see coming from the server so the way that selective acknowledgement kicks in is let's go ahead and take to take a look at the acknowledgement the next packet after this gap in sequence numbers it happens so the client sends this back to the server I'm good 246 721 this is a dupe back because we've already sent an acknowledgment for this packet or this sequence number previous all right so we've duplicated our act number we're good 246 721 however in this act if I come down to my options and expand that out this is where the the client here can indicate the new data that it has received successfully so 59 861 261 321 hey server were good we've gotten this however what it's indicating to the server is I have a gap of data between 46 7 21 and 59 861 so we see another packet come in from the server this one was likely just in flight on its way to us if we take a look at the sequence number 61 262 we can see this doesn't fill in the gap but it was just the next one in the sequence numbers as they were flying along now the client says all right good I'm good 246 721 however it just increased it's right edge so it acknowledged the new packet that came in that was in flight while still indicating the gap in the sequence numbers okay so we see another packet come in we see this as TCP window full that's fuel for another video on another time there's another packet that was in flight here we can see our sac edges our left edge right edge we can see our right edge is growing out here it's acknowledging new traffic as it comes in this is still though we're still hung up on 46 7:21 well finally this the packet that we're looking for comes along sequence number 46 721 and then we can see the next set the next expected sequence number is 48 181 so this fills in one of the packets that was missing in the gap that that happened so now the client can indicate that now it's gonna say all right I'm good 248 I got that retransmission that you sent but I'm still only good up to here I still have this gap so that's how ICP selective acknowledgement works it's a feature of TCP that both sides need to indicate in the handshake up above both sides need to support it and if both sides do then the client or server whichever Direction packets go missing in this case can selectively acknowledge data indicating what went missing in telling the link partner specifically what to resend so hopefully this helps in you getting a better understanding of TCP sac go ahead and send me some comments below if you have any more questions about it and thanks for dropping by my channel
Info
Channel: Chris Greer
Views: 30,659
Rating: undefined out of 5
Keywords: Wireshark, TCP/IP, SACK, Packet, Analysis, Training, TCP, Transport, Protocol, TCP Handshake, wireshark training, wireshark tutorial, packet analysis, packet capture, tcp analysis, tcp connections, wireshark tutorial 2020, selective acknowledgement, packet pioneer, chris greer, transport control protocol
Id: VERgI8QaYPY
Channel Id: undefined
Length: 7min 32sec (452 seconds)
Published: Mon Apr 08 2019
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.