First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
0

TCP Zero Window - need clarification on this

If I have a packet as below

source 192.168.10.11 destination 192.168.10.15 TCP Zero Window

Which side is saying my TCP Window is zero, source or destination

AL's avatar
3
AL
asked 2024-01-03 10:17:59 +0000, updated 2024-01-03 10:26:30 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

See the WSUG - 7.5. TCP Analysis:

TCP ZeroWindow

Chuckc's avatar
3k
Chuckc
answered 2024-01-03 13:58:40 +0000
edit flag offensive 0 remove flag delete link

Comments

OK I have read this and if my understanding is correct its the IP address 192.168.10.15 that is saying it has a Zero Window Size

TCP ZeroWindow Set when the receive window size is zero and none of SYN, FIN, or RST are set.

The window field in each TCP header advertises the amount of data a receiver can accept. If the receiver can’t accept any more data it will set the window value to zero, which tells the sender to pause its transmission. In some specific cases this is normal — for example, a printer might use a zero window to pause the transmission of a print job while it loads or reverses a sheet of paper. However, in most cases this indicates a performance or capacity problem on the receiving end. It might take a long time (sometimes several minutes) to resume a paused connection ... (more)

AL's avatar AL (2024-01-03 14:39:39 +0000) edit

It's a bit confusing with the terms "sender"/"receiver" and "source/destination".
The text you provided shows that the "source" (192.168.10.11) sent a message telling the "sender" (192.168.10.15) that it could not receive any more data at this time.

Look down in the packet details. It's the "0" value for Window that Wireshark interprets as a "Zero Window".

    Window: 0
    [Calculated window size: 0]
    [Window size scaling factor: 4]
Chuckc's avatar Chuckc (2024-01-03 15:07:33 +0000) edit

this is the packet in Wireshark

ws

AL's avatar AL (2024-01-03 15:18:21 +0000) edit
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer