tcpdump is a good tool for analyzing TCP. You can use the nc command to learn tcpdump:
- `nc -l 8000`
- `tcpdump -S -n -i lo tcp and host 127.0.0.1 and port 8000`
- `nc localhost 8000`
The first step starts a listener on port 8000. The second step starts the packet capture. The third step connects to the listener, which performs the three-way handshake. Pressing CTRL + C exits the client, and you can then see the four-way close (the "four waves").
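Description of the tcpdump parameters:
Parameter | Description |
---|---|
-n | Show IP addresses instead of resolving them to host names |
-i | Capture on the given network interface (here `lo`, the loopback adapter) |
tcp and host 127.0.0.1 and port 8000 | Filter expression |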
The TCP flags are shown in []. [S] indicates SYN, [F.] indicates FIN, and `.` indicates an ACK.
Why does the server sometimes wait 40ms before sending an ACK after receiving data? This is because of Delayed ACK (Delayed ACK is turned off by default on Linux). With cumulative acknowledgement, Delayed ACK lets multiple ACKs be returned as a single combined ACK. With piggybacked acknowledgement, the ACK is carried on the data packet if the server returns data.
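As an added example (not part of the original article), the following Python sketch parses tcpdump text output, decodes the flag characters described above, and measures how long each data segment waited for its ACK. The capture in `SAMPLE` is constructed for illustration and assumes absolute sequence numbers in the output (tcpdump's `-S` option); the function names are hypothetical.

```python
import re
from datetime import datetime

# tcpdump prints one character per TCP flag inside [] ("." is ACK).
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST", ".": "ACK"}
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]+)\](?:, seq \d+(?::(?P<end>\d+))?)?"
    r"(?:, ack (?P<ack>\d+))?.*length (?P<len>\d+)")

# Constructed sample capture (not real traffic): handshake, one 5-byte
# write whose ACK arrives 40.1 ms later, then the four-segment close.
SAMPLE = """
10:00:00.000000 IP 127.0.0.1.50000 > 127.0.0.1.8000: Flags [S], seq 1000, win 65495, length 0
10:00:00.000020 IP 127.0.0.1.8000 > 127.0.0.1.50000: Flags [S.], seq 2000, ack 1001, win 65483, length 0
10:00:00.000030 IP 127.0.0.1.50000 > 127.0.0.1.8000: Flags [.], ack 2001, win 512, length 0
10:00:01.000000 IP 127.0.0.1.50000 > 127.0.0.1.8000: Flags [P.], seq 1001:1006, ack 2001, win 512, length 5
10:00:01.040100 IP 127.0.0.1.8000 > 127.0.0.1.50000: Flags [.], ack 1006, win 512, length 0
10:00:02.000000 IP 127.0.0.1.50000 > 127.0.0.1.8000: Flags [F.], seq 1006, ack 2001, win 512, length 0
10:00:02.000020 IP 127.0.0.1.8000 > 127.0.0.1.50000: Flags [.], ack 1007, win 512, length 0
10:00:02.000040 IP 127.0.0.1.8000 > 127.0.0.1.50000: Flags [F.], seq 2001, ack 1007, win 512, length 0
10:00:02.000050 IP 127.0.0.1.50000 > 127.0.0.1.8000: Flags [.], ack 2002, win 512, length 0
"""

def parse(text):
    """Turn tcpdump text lines into dicts; unrecognised lines are skipped."""
    pkts = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkts.append({
                "ts": datetime.strptime(m["ts"], "%H:%M:%S.%f"),
                "src": m["src"], "dst": m["dst"], "len": int(m["len"]),
                "flags": "+".join(FLAG_NAMES.get(c, c) for c in m["flags"]),
                "end": int(m["end"]) if m["end"] else None,
                "ack": int(m["ack"]) if m["ack"] else None})
    return pkts

def ack_delays_ms(pkts):
    """For each data segment, milliseconds until the peer's covering ACK."""
    delays = []
    for i, p in enumerate(pkts):
        if p["len"] == 0 or p["end"] is None:
            continue
        for q in pkts[i + 1:]:
            if q["src"] == p["dst"] and q["ack"] is not None and q["ack"] >= p["end"]:
                delays.append((q["ts"] - p["ts"]).total_seconds() * 1000)
                break
    return delays
```

On the sample, the first three packets decode as SYN, SYN+ACK, ACK, and the single data segment shows an ACK delay of about 40 ms, the signature of a delayed ACK.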
Nagle is another algorithm related to Delayed ACK; it aims to reduce the number of TCP packets in the network. Nagle is enabled by default.
Nagle principle
- A TCP connection can have at most one unacknowledged small packet outstanding, and no other packet can be sent until it reaches its destination
- Until the ACK for that small packet is received, TCP collects the following small packets, merges them into one large packet, and sends it once the ACK arrives
If you enable Delayed ACK and Nagle at the same time, each data request will be delayed by 40ms. If you have high real-time requirements, you can disable Delayed ACK and Nagle at the same time, which will delay the ACK packet sending