Syn ACK win=0

edit

It's uncommon, but it happens. Normally, a system should advertise a window size of a couple of segments (n times MSS), but in some situations I saw devices return 0 in the SYN/ACK. Usually for printers which accept the connection but want to delay having to receive print data because they need to "wake up" first (e.g. spinning and heating up all the mechanical parts required to print).

So I wouldn't say it's something that is critical, but maybe that device sending the Win 0 should be on your "soon to be replaced" list (if possible - some hospitals have those old needle printers they still need to use).

A device sending Win 0 is indicating that its TCP receive buffer is full and it needs the other party to wait. Generally this isn't a big problem as the 2 parties can sort things out. BUT in your case those Probes that follow make it look like the one side is waiting for quite a while; I can't quite see the times but it looks like 5+ seconds. Is this impacting users in any way?

I agree with Jasper above that as long as this is something like a printer and the Win0 only happens when something like initial bootup and you don't see any related user impact, you can probably ignore these. If however this is happening regularly on a client workstation or worse a server, I would definitely look into the TCP receive buffer and resources.

BW

That should be when you get a tcp windowZeroWindow not a tcp of window size = 0 that not the same thing. Source is sending ZeroWindows probe even If the destination has not sent tcp WindowZero. That is the issue, further more the source packet is malformed or corrupted , not a good sign.

Check out the source network.