Friday, July 14, 2006

Craigslist no longer uses TCP window size of 0

The erroneous claim that Cox was blocking Craigslist turned out to be a combination of a bug in a firewall driver from Authentium and the fact that Craigslist was using a TCP window size of 0 in the initial TCP handshake. Authentium took full responsibility for the issue, but no one was ever able to get Craig Newmark to answer why Craigslist was using a TCP window size of 0. My speculation was that this was being done as a way of avoiding congestion, possibly by a load-balancing switch in front of the web servers. Although Craig politely responded to some private emails from me, I never got an answer to whether my speculation was correct.

Now Craigslist has stopped using a TCP window size of 0 in the initial handshake, which indicates that it was always within Craigslist's power to fix the problem. Here are some packets I captured a couple of days ago (66.150.243.20 is www.craigslist.org); see the first link above for a more detailed explanation of what the TCP window size means and what caused the problem:

TCP SYN from my machine to craigslist, window size 16384:

15:13:18.469829 [my IP].50845 > 66.150.243.20.80: S 4043800370:4043800370(0) win 16384 (DF)

TCP SYN-ACK from craigslist.org, window size 4380 (this was the one that used to have a window size of 0):

15:13:18.504234 66.150.243.20.80 > [my IP].50845: S 1583028840:1583028840(0) ack 4043800371 win 4380 (DF) [tos 0x80]

TCP ACK from my machine, completing the three-way handshake, window size 16384:

15:13:18.504640 [my IP].50845 > 66.150.243.20.80: . ack 1 win 16384 (DF)

No comments: