Wireshark mailing list archives

Erroneous data in TCP display


From: Ed Franks <ewf () e-vse com>
Date: Mon, 16 Nov 2009 14:50:47 -0500

I'm a developer for a TCP/IP stack.  I have been getting customer complaints
about setting an initial window size of 0.  When I explain that we don't do
this, they reply "Wireshark says you do."

After examining several Wireshark traces, I see that the display for the
initial SYN packet does, indeed, show a value for "window" (sometimes 0,
sometimes other values).  The value obviously comes from the window field 
of the TCP header.

However, "window" is always relative to "ACK", and ACK is never present
in the initial SYN.

Might it be possible to either omit the "window" value when it is undefined
or at least show it as "???"?  This would be true only for the initial SYN.

If anyone knows why a stack would set the SYN packet window field to non-zero
(and what it would mean), I would appreciate a pointer to the relevant RFC.

BTW, you provide an excellent product.  It has more than once re-directed the
"smoking gun" from my software to a failing network device.
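
A way to check what a stack actually puts in the field discussed above, as an added example that is not part of the original message or of Wireshark's code: a small Python decoder that reads the flag bits and the raw 16-bit window field from TCP headers and lists the window value carried by each SYN sent without ACK. The sample segments, port numbers and the helper names (`parse_tcp_header`, `initial_syn_windows`, `build_segment`) are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10  # flag bits in byte 13 of the TCP header

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header plus MSS and window-scale options."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, _, _, _, off, flags, window, _, _ = struct.unpack("!HHIIBBHHH", segment[:20])
    hdr_len = (off >> 4) * 4               # data offset is counted in 32-bit words
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad data offset")
    raw, opts, i = segment[20:hdr_len], {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        length = raw[i + 1]
        if kind == 2 and length == 4:      # maximum segment size
            opts["mss"] = struct.unpack("!H", raw[i + 2:i + 4])[0]
        elif kind == 3 and length == 3:    # window scale shift count
            opts["wscale"] = raw[i + 2]
        i += length
    return {"sport": sport, "flags": flags, "window": window, "options": opts}

def initial_syn_windows(segments):
    """Return (source port, raw window field) for every SYN sent without ACK."""
    headers = [parse_tcp_header(s) for s in segments]
    return [(h["sport"], h["window"]) for h in headers
            if h["flags"] & SYN and not h["flags"] & ACK]

def build_segment(sport, flags, window, options=b""):
    """Constructed test input: a TCP header with zeroed checksum and ack number."""
    options += b"\x00" * (-len(options) % 4)
    off = ((20 + len(options)) // 4) << 4
    return struct.pack("!HHIIBBHHH", sport, 80, 1000, 0, off, flags, window, 0, 0) + options

SAMPLES = [  # constructed segments, not taken from any capture
    build_segment(40001, SYN, 0),
    build_segment(40002, SYN, 65535, b"\x02\x04\x05\xb4\x01\x03\x03\x07"),
    build_segment(40003, SYN | ACK, 8192),
]

print(initial_syn_windows(SAMPLES))
```

The window field occupies bytes 14 and 15 of every TCP header, so the decoder always has a value to report for a SYN; the SYN+ACK sample is skipped because its ACK bit is set.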