This is our old Q&A Site. Please post any new questions and answers at

What does this mean in a summary of the trace file? [Window size scaling factor: -1 (unknown)]

I captured it on a linux server with tcpdump and am reading the file on a Windows PC with Wireshark.

asked 11 Apr '12, 18:04

godfreydanials's gravatar image

accept rate: 0%

It means that the trace file does not contain the TCP three-way handshake, so Wireshark does not know whether window scaling is in use, and if it is, what the window scaling factor is. If Wireshark sees the three-way handshake, and window scaling is used, Wireshark will know what window scaling factor is used by each side. Wireshark will then calculate the true window size for you by multiplying the value in the window size field by the appropriate multiplier.

If Wireshark does not see the three-way handshake, it will simply report the value of the window size field, which may or may not be the true window size, and indicate "[window size scaling factor -1 (unknown)]"

See RFC 1323 for the specification of the TCP window scale option.

permanent link

answered 11 Apr '12, 19:00

Jim%20Aragon's gravatar image

Jim Aragon
accept rate: 24%

edited 11 Apr '12, 19:16

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 11 Apr '12, 18:04

question was seen: 34,444 times

last updated: 11 Apr '12, 19:16

p​o​w​e​r​e​d by O​S​Q​A