I recently started to use wireshark for education purposes. The first thing I tried was to capture the traffic while opening a browser to google (http request).
I have some questions about the output.
First I see the 3 way handshake, no problem here. Then my pc sends a get http.
The receiver (google) sends an ACK back followed by 2 'tcp segment of a reassembled pdu' packets. Then I send an ACK back to google.
why do I get 2 packets of the reassembled pdu before an ACK is sent? does this have something to do with the window and if so how/where can I see the logic