Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Wireshark Window Size

From: Hansang Bae <hbae@xxxxxxxxxx>
Date: Mon, 08 Sep 2008 21:46:24 -0400
eric ferro wrote:
I am slightly confused on how the window size of a conversation I see in the packet capture.

For example:
the first syn window size is:5840
the synack window size is 5792
subsequent acks range from 7168 to 8704.

Also, is the widows size show in he window in bit, bytes, kb ?

Thanks in advance for any help you can provide.

Remember that TCP is a two way communication. The sender of the SYN can do 5840 and the sender of the syn+ack can do 5792. I'm hoping these are Redhat boxes with auto-tuning enabled! Otherwise, you have some tiny window sizes at play.

ACKs are nothing more that the receiver telling the sender, "I've received up to and including this number of bytes from you" The bigger the receive (and the sender's send window) window, the more bytes you can have outstanding w/o an acknowledgment. Latency does play a role here so it's a bit harder to make general statements. But as a rule of thumb, round-trip latency plays a big role in how much data can be transmitted.


--

Thanks,
Hansang