Wireshark · Wireshark-dev: Re: [Wireshark-dev] Question about tcp window scaling value

Wireshark-dev: Re: [Wireshark-dev] Question about tcp window scaling value

From: Ed Beroset <beroset@xxxxxxxxxxxxxx>

Date: Sun, 02 Jan 2011 11:07:47 -0500

Douglas Wood wrote:

In Wireshark 1.4.2, export to PDML from tshark sometimes results in a different value for tcp window size compared to doing the same export from the Wireshark GUI.  The different value reflects multiplying the tcp window value with the current window scaling size for tshark and not taking window scaling into account for Wireshark.

Is this a bug?


No, it's a feature.  :)

If not, how can I tell the difference between the two outputs? I'drather not write code that cares if tshark generated the output orWireshark.

There is a TCP preference "Window scaling" that controls this. Notethat you must also have the "Analyze TCP sequence numbers" enabled forthis to take effect.

As always, you can also specify an option override on the command lineas -o tcp.window.scaling:TRUE

Ed

Follow-Ups:
- Re: [Wireshark-dev] Question about tcp window scaling value
  - From: Douglas Wood

References:
- [Wireshark-dev] Question about tcp window scaling value
  - From: Douglas Wood

Prev by Date: [Wireshark-dev] Question about tcp window scaling value
Next by Date: Re: [Wireshark-dev] [Wireshark-commits] rev 35253: /trunk/ /trunk/doc/: README.developer /trunk/epan/: tvbuff.c tvbuff.h
Previous by thread: [Wireshark-dev] Question about tcp window scaling value
Next by thread: Re: [Wireshark-dev] Question about tcp window scaling value
Index(es):
- Date
- Thread