This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why TCP sequence number from sender is more greater than window size value ?

0

Hi,

Here's a question which confuse me for a long time.

From current TCP designed, sender shall not keep send the packet which more greater than window size before sender receive TCP ack. But I've found this symptom whenever I capture the tcp packet by wireshark.

For example : Packet No.100 shows a TCP ACK from server, and ACK is 19492177, Calculate window size value is 31950. So the next packet sequence from Sender shall not exceed 19524127(19492177 + 31950), right?

But I've just found the next packet(No.101) sequence number send from sender is 1960509. And it is same TCP session.

Window size unit is byte on wireshark right? Could anyone help answer this question if possible ?

Thanks a lot!

asked 14 Jul '16, 02:19

coverknox's gravatar image

coverknox
6112
accept rate: 0%


One Answer:

0

Well, answer question by myself. I've just found if you'd like to get correct window size calculate number. You'll need to capture full TCP handshake such as TCP SYNC/SYN-ACK. Otherwise, you'll get wrong window size/sequence number mapping on wireshark.

answered 14 Jul '16, 18:41

coverknox's gravatar image

coverknox
6112
accept rate: 0%