Wireshark-users: [Wireshark-users] Fwd: How to Identify TCP Initial receive window from Wireshark
From: "mishra07amit ." <[email protected]>
Date: Wed, 30 Oct 2019 12:28:29 +0100
Hello Team,

Please help me to clarify doubts regarding TCP Initial window size.

In system configuration, we have set Initial receive window size value as 22* MSS but when checked via wireshark capture we cannot see that in TCP SYN or TCP ACK packets so just want to know how that Initial receive window value is related with Window size value we see in trace.

MSS is set as 1360 so based on that Initial window size should be 29920 but in trace in SYN request i can see window size as 43520, in ACK(in response to SYN-ACK from server) Window size was 45056 and some different value in subsequent ACK/PUSH/ACK packets

So my question is in which packet I can see initial receive window size in wireshark.

Also Can anyone explain me the benefit of high Initial receive window size?

This is the call flow between end-user and Internet server and my product behave as TCP full transparent proxy.

Client ------------> My Product -------> Server

TCP SYN-->
<--SYN/ACK--
--ACK--->      
                                       TCP SYN-->   
                                      <--SYN/ACK--
                                        --ACK--->

From my product point of View towards Client, it must share its initial window size in SYN/ACK message towards the client and towards server-side it should share Initial window size in TCP SYN message. On client-side next message is ACK which doesn't carry any payload while on Server side next message is SYN/ACK which also doesn't carry any payload then how come this Initial window size value is of any use? As after those messages, new ACK message with new window size will be shared and any payload from the Internet towards my product or from my product towards client will follow that new window size to send payload then how this initial window size value is of any use or initial window size is shared after initial TCP handshake?


Regards

Amit