Timeline for answer to Firewalls and ACKs by James Shewey
Current License: CC BY-SA 3.0
Post Revisions
10 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Mar 12, 2015 at 21:14 | vote | accept | Rafe | ||
| Mar 10, 2015 at 3:08 | comment | added | James Shewey | Well, if the problem is SSL as I suspect, you will find on 7 that there are certain ciphers that are not sent during the SSL handshake. These have probably been deprecated, which is why they are not sent, but were sent in Windows XP. For example, SSLv3 would have been supported, but it may be dropped in the most up to date version of [Windows] 7 (technet.microsoft.com/en-us/library/security/3009008.aspx). If the other side is incapable of TLS 1.2 because it is too out of date, you would see this type of conversation. | |
| Mar 9, 2015 at 21:15 | comment | added | Rafe | The 6th frame ACKs Frame 4. Frame 7 (FIN/ACK) ACKs Frame 5. The messed up thing with this is it worked fine with Windows XP but the computer was upgraded to Windows 7. Does anyone know if Windows 7 implemented something in the TCP stack that could cause it to act differently with firewalls? I am going to edit my original post and see if it will let me add another graphic. | |
| Mar 9, 2015 at 7:27 | comment | added | Eddie | The TCP Window size can be updated in any/every ACK packet. Whether I'm sending an ACK after every received packet or every other packet (which Delayed Acknowledgement does), in both cases I have "the opportunity to update the TCP receive window". The point the link is probably trying to make is that delayed Acknowledgement sends an ACK every two packets so that the window can still be updated relatively "quickly" -- as compared to every 20 or 30 packets. Window Scaling itself simply identifies that the window size can change dynamically mid conversation. | |
| Mar 9, 2015 at 7:12 | comment | added | James Shewey | Good info Eddie, thanks! Am I mistaken, or is that not a component of Window scaling? (From your link - "Delayed ACKs can give the application the opportunity to update the TCP receive window and also possibly to send an immediate response along with the ACK.") | |
| Mar 9, 2015 at 6:55 | comment | added | Eddie | Hi James. I actually think you were confusing it with Delayed Acknowledgements. =) | |
| Mar 9, 2015 at 6:01 | history | edited | James Shewey | CC BY-SA 3.0 | I was conflating scaling with SACKs |
| Mar 9, 2015 at 6:00 | comment | added | James Shewey | Eddie, you are right! I was mixing SACKs with TCP window scaling, which are two very distinct topics. I have updated my answer to reflect this. | |
| Mar 9, 2015 at 5:22 | comment | added | Eddie | Hi James, welcome to Network Engineering SE. Just wanted to point out that Selective ACK (SACK) would not come into play here. SACK allows a speaker to selectively acknowledge what data it has received (in order to communicate the data it has not received). TCP without SACK would mean I could only Acknowledge the last continuous sequence# that I have received. To put simplified numbers to it, if I receive 0-100, don't receive 101, then receive 102-200, regular TCP would "ACK 101" and the sender would resend 101-200. Whereas SACK would allow me to communicate that I only missed 101. | |
| Mar 9, 2015 at 5:05 | history | answered | James Shewey | CC BY-SA 3.0 |