Wireshark mailing list archives

Re: TCP windows update


From: Andrej van der Zee <andrejvanderzee () gmail com>
Date: Wed, 2 Mar 2011 05:45:34 +0900

Hi Stephen,

Thanks for your clear reply.


Each TCP segment has a window size, but it may be scaled by options 
negotiated only during the initial 3-way handshake (SYN/SYN+ACK/ACK).  So 
if you look at a SYN+ACK segment for example, you may see that the 
window size value in the header is 8192 bytes, but further down in the 
options section, there is a window scale option of 2 shift count (which 
means bit shift by 2, which further means multiply by 4 any value from 
the packet).  This was necessary because when TCP was designed, they 
only used a 16-bit value for the window size, which allows up to 65,535 
bytes maximum as the window size.  The multiplier will take that value 
and scale it.

Another example is a TCP segment after the initial handshake that shows 
a packet window size value of 16695 with a multiplier negotiated earlier 
of 4.  So the calculated window size is 66780 (16695 * 4).

In which capture file can I find these examples?

Maybe a silly question, but can a Windows update be piggy backed with a data segment, or is it always contained in a 
zero-length data segment? 

Also, can a Windows update contain an ACK number for non-ACKed data segments?

Thank you,
Andrej
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
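
The window-scale arithmetic described in the message above, as an added Python example that is not part of the original post. It goes beyond the two quoted figures by reading the shift count out of the SYN+ACK option bytes and applying the RFC 7323 rules: the window in a SYN segment is never scaled, scaling applies only when both ends sent the option, and the shift is capped at 14. The function names and the sample segments are constructed for illustration, and the demo assumes the client's SYN also carried the option.

```python
import struct

SYN, ACK = 0x02, 0x10

def build_tcp_header(flags, window, options=b""):
    """Constructed sample segment: 20-byte TCP header plus padded options."""
    options += b"\x00" * (-len(options) % 4)      # pad with End of Option List
    offset = (20 + len(options)) // 4             # data offset in 32-bit words
    return struct.pack("!HHIIBBHHH", 443, 50000, 1, 1,
                       offset << 4, flags, window, 0, 0) + options

def parse_window(tcp):
    """Return (flags, raw 16-bit window, window scale shift or None)."""
    flags, window = struct.unpack("!BH", tcp[13:16])
    opts, i, shift = tcp[20:(tcp[12] >> 4) * 4], 0, None
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                             # End of Option List
            break
        if kind == 1:                             # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                                 # malformed length, stop parsing
        if kind == 3 and opts[i + 1] == 3:        # Window Scale option
            shift = min(opts[i + 2], 14)          # RFC 7323 caps the shift at 14
        i += opts[i + 1]
    return flags, window, shift

def effective_window(tcp, sender_shift, peer_shift):
    """Window in bytes advertised by this segment's sender."""
    flags, window, _ = parse_window(tcp)
    # The window in a SYN or SYN+ACK is never scaled, and scaling is only
    # active when both ends sent the option during the handshake.
    if flags & SYN or sender_shift is None or peer_shift is None:
        return window
    return window << sender_shift

# Constructed bytes matching the figures in the message above.
# Options: MSS 1460, NOP, Window Scale with shift count 2.
SYNACK = build_tcp_header(SYN | ACK, 8192, b"\x02\x04\x05\xb4\x01\x03\x03\x02")
LATER = build_tcp_header(ACK, 16695)

if __name__ == "__main__":
    shift = parse_window(SYNACK)[2]
    # Assumption: the client's SYN also carried the option, so scaling is on.
    print(effective_window(SYNACK, shift, shift))   # SYN+ACK window, unscaled
    print(effective_window(LATER, shift, shift))    # later segment, scaled
```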