Wireshark mailing list archives
Erroneous data in TCP display
From: Ed Franks <ewf () e-vse com>
Date: Mon, 16 Nov 2009 14:50:47 -0500
I'm a developer for a TCP/IP stack. I have been getting customer complaints about setting an initial window size of 0. When I explain that we don't do this, they reply "Wireshark says you do."

After examining several Wireshark traces, I see that the display for the initial SYN packet does, indeed, show a value for "window" (sometimes 0, sometimes other values). The value obviously comes from the window field of the TCP header. However, "window" is always relative to "ACK", and ACK is never present in the initial SYN.

Might it be possible to either omit the "window" value when it is undefined or at least show it as "???"? This would be true only for the initial SYN.

If anyone knows why a stack would set the SYN packet window field to non-zero (and what it would mean), I would appreciate a pointer to the relevant RFC.

BTW, you provide an excellent product. It has more than once re-directed the "smoking gun" from my software to a failing network device.
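An added example, not part of the original post and not Wireshark's code: a minimal decoder for the fixed 20-byte TCP header that reads the flags and the window field discussed above and labels the window differently when the segment is an initial SYN (SYN set, ACK clear). The function names and the sample segments are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10  # flag bits in byte 13 of the TCP header

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and classify the segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, window, _cksum, _urg = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    header_len = (off >> 4) * 4  # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    has_ack = bool(flags & ACK)
    return {
        "sport": sport, "dport": dport, "seq": seq,
        # The acknowledgment number is only significant when ACK is set.
        "ack": ack if has_ack else None,
        "syn": bool(flags & SYN), "ack_flag": has_ack,
        "initial_syn": bool(flags & SYN) and not has_ack,
        "window": window,  # raw 16-bit field, exactly as sent
    }

def window_label(hdr: dict) -> str:
    """Render the window so an initial SYN is told apart from later segments."""
    if hdr["initial_syn"]:
        return f"{hdr['window']} (raw field, initial SYN, no ACK)"
    return str(hdr["window"])

def build(flags: int, window: int, ack: int = 0) -> bytes:
    """Constructed sample segment: ports, sequence number and checksum are made up."""
    return struct.pack("!HHIIBBHHH", 49152, 80, 1000, ack, 5 << 4, flags, window, 0, 0)

# Constructed samples: two initial SYNs and one SYN/ACK.
SAMPLES = {
    "syn_win0": build(SYN, 0),
    "syn_win8192": build(SYN, 8192),
    "synack": build(SYN | ACK, 5840, ack=1001),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", window_label(parse_tcp_header(raw)))
```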