Wireshark-users: Re: [Wireshark-users] TCP windows update

From: Andrej van der Zee <andrejvanderzee@xxxxxxxxx>
Date: Wed, 2 Mar 2011 05:45:34 +0900
Hi Stephen,

Thanks for your clear reply.

> 
> Each TCP segment has a window size, but it may be scaled by options 
> negotiated only during the initial 3-way handshake (SYN/SYN+ACK/ACK).  So 
> if you look at a SYN+ACK segment for example, you may see that the 
> window size value in the header is 8192 bytes, but further down in the 
> options section, there is a window scale option of 2 shift count (which 
> means bit shift by 2, which further means multiply by 4 any value from 
> the packet).  This was necessary because when TCP was designed, they 
> only used a 16-bit value for the window size, which allows up to 65,535 
> bytes maximum as the window size.  The multiplier will take that value 
> and scale it.
> 
> Another example is a TCP segment after the initial handshake that shows 
> a packet window size value of 16695 with a multiplier negotiated earlier 
> of 4.  So the calculated window size is 66780 (16695 * 4).

In which capture file can I find these examples?

Maybe a silly question, but can a Windows update be piggybacked with a data segment, or is it always contained in a zero-length data segment?

Also, can a Windows update contain an ACK number for non-ACKed data segments?

Thank you,
Andrej
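
The window scale calculation described in the quoted reply, as an added example that is not part of the original thread: it parses the window scale option out of raw TCP headers and applies the shift to a later segment. The function names (`parse_tcp`, `effective_window`, `build`) are hypothetical, the sample segments are constructed from the numbers in the reply, and the two RFC 7323 rules in the comments (shift capped at 14, SYN windows never scaled) go beyond what the thread states.

```python
import struct

def parse_tcp(segment: bytes) -> dict:
    """Parse a raw TCP segment (no IP header): SYN flag, window field, window scale option."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    off_flags, window = struct.unpack("!HH", segment[12:16])
    hdr_len = (off_flags >> 12) * 4
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("bad data offset")
    opts, i, shift = segment[20:hdr_len], 0, None
    while i < len(opts) and opts[i] != 0:          # kind 0 = end of option list
        if opts[i] == 1:                           # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                                  # malformed option: stop parsing
        if opts[i] == 3 and opts[i + 1] == 3:      # kind 3 = window scale
            shift = min(opts[i + 2], 14)           # RFC 7323 caps the shift at 14
        i += opts[i + 1]
    return {"syn": bool(off_flags & 0x02), "window": window, "shift": shift,
            "payload_len": len(segment) - hdr_len}

def effective_window(seg: dict, sender_shift, peer_shift) -> int:
    """Window the sender of `seg` is advertising, in bytes."""
    # Scaling is active only if both SYNs carried the option, and the window
    # field of a SYN or SYN+ACK itself is never scaled (RFC 7323).
    if seg["syn"] or sender_shift is None or peer_shift is None:
        return seg["window"]
    return seg["window"] << sender_shift

def build(flags: int, window: int, options: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed sample segment; ports, sequence numbers and checksum are placeholders."""
    options += b"\x01" * (-len(options) % 4)       # pad options with NOPs to a 32-bit boundary
    off_flags = ((20 + len(options)) // 4 << 12) | flags
    return struct.pack("!HHIIHHHH", 1234, 80, 1, 1, off_flags, window, 0, 0) + options + payload

# Constructed samples using the numbers from the quoted reply.
SYN     = parse_tcp(build(0x02, 8192, b"\x03\x03\x02"))      # client SYN, shift count 2
SYN_ACK = parse_tcp(build(0x12, 8192, b"\x03\x03\x02"))      # server SYN+ACK, shift count 2
DATA    = parse_tcp(build(0x18, 16695, payload=b"hello"))    # PSH+ACK carrying 5 payload bytes

if __name__ == "__main__":
    print(effective_window(SYN_ACK, SYN_ACK["shift"], SYN["shift"]))  # SYN+ACK window, unscaled
    print(effective_window(DATA, SYN_ACK["shift"], SYN["shift"]))     # 16695 << 2
```

If the capture does not include the handshake, the shift counts are unknown and only the raw window field can be reported.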