This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

Here's a question which confuse me for a long time.

From current TCP designed, sender shall not keep send the packet which more greater than window size before sender receive TCP ack. But I've found this symptom whenever I capture the tcp packet by wireshark.

For example : Packet No.100 shows a TCP ACK from server, and ACK is 19492177, Calculate window size value is 31950. So the next packet sequence from Sender shall not exceed 19524127(19492177 + 31950), right?

But I've just found the next packet(No.101) sequence number send from sender is 1960509. And it is same TCP session.

Window size unit is byte on wireshark right? Could anyone help answer this question if possible ?

Thanks a lot!

asked 14 Jul '16, 02:19

coverknox's gravatar image

coverknox
6112
accept rate: 0%


Well, answer question by myself. I've just found if you'd like to get correct window size calculate number. You'll need to capture full TCP handshake such as TCP SYNC/SYN-ACK. Otherwise, you'll get wrong window size/sequence number mapping on wireshark.

permanent link

answered 14 Jul '16, 18:41

coverknox's gravatar image

coverknox
6112
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×28

question asked: 14 Jul '16, 02:19

question was seen: 1,108 times

last updated: 14 Jul '16, 18:41

p​o​w​e​r​e​d by O​S​Q​A