If we capture packets using tcpdump or Wireshark with a length less than the MTU (length < 1500) -(For example, 74, 108, 788... etc) - is it fair to say that it means there is tcp congestion?
asked 17 May '17, 04:45
No. That may only be something to think about if you know that there is a big data transfer with such a volume that all packets can be filled completely up to MSS. If an application has only a few bytes to send it will do that, and it's not because of congestion.
Take SSH/Telnet for example: pressing a key will send a small packet containing that key (and a few other things), but it's simply a small packet, and not congestion.
answered 17 May '17, 04:50