ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 10514] New: TCP Window Size incorrectly reported in Packet

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 29 Sep 2014 14:37:38 +0000
Bug ID 10514
Summary TCP Window Size incorrectly reported in Packet List
Product Wireshark
Version 1.12.1
Hardware x86
OS Mac OS X 10.9
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected] 

Build Information:
Version 1.10.10 (v1.10.10-0-gc1544c6 from master-1.10)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.17, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.36.0, with libpcap, with libz 1.2.3, without POSIX capabilities, without
libnl, with SMI 0.4.8, without c-ares, without ADNS, with Lua 5.1, without
Python, with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP,
with PortAudio V19-devel (built Jul 16 2013 19:05:52), with AirPcap.

Running on Mac OS X 10.9.4, build 13E28 (Darwin 13.3.0), with locale .UTF-8,
with libpcap version 1.3.0 - Apple version 41, with libz 1.2.5, GnuTLS 2.12.19,
Gcrypt 1.5.0, without AirPcap.
Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I believe Wireshark v1.12.1 incorrectly reports the TCP Window Size in the
Packet List in captures where only one side of the session uses TCP Window
Scaling.

Link to sample capture
https://www.cloudshark.org/captures/42b210c2004c

- The client announced that it supported TCP Window Scaling in the SYN
(65535x16)
- The server announced that it did not support TCP Window Scaling (or rather
did not announce that it DID support it...) in the SYN/ACK
- The TCP Window Size in the following traffic from the client is reported in
the Packet List in Wireshark as 1048560 and in the Packet Details as 65535x16
i.e. clearly still reported as using TCP Window Scaling.

I consider this to be a bug, since Wireshark 1.10.10 acts correctly and shows
the correct window size in Packet List.

This bug is rather annoying, since I always use the Packet List to get an easy
overview of the packets (and the Window Size).

You are receiving this mail because:
  • You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube