Wireshark mailing list archives
Re: Erroneous data in TCP display
From: ronnie sahlberg <ronniesahlberg () gmail com>
Date: Tue, 17 Nov 2009 08:30:13 +1100
That makes sense for ordinary tcp since the window size is undefined during the initial syn.
I have checked in a change to wireshark so it does not show the window size for the initial syn packet.

There is an exception for the old/obsolete/abandoned/genuinely-bad-idea variant called T-TCP where the window size during the syn phase did have a semantic meaning.
Fortunately no one is using t-tcp any more and if someone does, they shouldn't.

regards
ronnie sahlberg

On Tue, Nov 17, 2009 at 6:50 AM, Ed Franks <ewf () e-vse com> wrote:
I'm a developer for a TCP/IP stack. I have been getting customer complaints about setting an initial window size of 0. When I explain that we don't do this, they reply "Wireshark says you do."

After examining several Wireshark traces, I see that the display for the initial SYN packet does, indeed, show a value for "window" (sometimes 0, sometimes other values). The value obviously comes from the window field of the TCP header. However, "window" is always relative to "ACK", and ACK is never present in the initial SYN.

Might it be possible to either omit the "window" value when it is undefined or at least show it as "???". This would be true only for the initial SYN.

If anyone knows why a stack would set the SYN packet window field to non-zero (and what it would mean), I would appreciate a pointer to the relevant RFC.

BTW, you provide an excellent product. It has more than once re-directed the "smoking gun" from my software to a failing network device.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
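The display rule discussed in this thread, as an added example that is not part of the original messages and is not Wireshark's code: decode a raw TCP header and suppress the window value only for the initial SYN (SYN set, ACK clear). The function names, port numbers and sample segments are hypothetical and constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits (RFC 793)

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; reject truncated input."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # data offset is in 32-bit words
    if header_len < 20:
        raise ValueError("data offset below minimum header length")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "window": window}

def is_initial_syn(hdr: dict) -> bool:
    """SYN set and ACK clear: the first segment of the handshake."""
    return bool(hdr["flags"] & SYN) and not hdr["flags"] & ACK

def window_display(hdr: dict) -> str:
    """Render the window field, suppressing it for the initial SYN."""
    if is_initial_syn(hdr):
        return "Window: (not shown for initial SYN)"
    return f"Window: {hdr['window']}"

def build_header(seq, ack, flags, window, sport=40000, dport=80) -> bytes:
    """Constructed sample data: a 20-byte header with no options."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0)

# Constructed handshake segments (not taken from a real capture).
SAMPLE_SYN = build_header(1000, 0, SYN, 0)
SAMPLE_SYNACK = build_header(5000, 1001, SYN | ACK, 5840)
SAMPLE_ACK = build_header(1001, 5001, ACK, 8192)

if __name__ == "__main__":
    for name, raw in [("SYN", SAMPLE_SYN), ("SYN-ACK", SAMPLE_SYNACK),
                      ("ACK", SAMPLE_ACK)]:
        print(name, window_display(parse_tcp_header(raw)))
```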