Hi, i'm having some questions about the TCP ZeroWindow flag. According to my capture we have the following scene:
The host 192.168.45.182 is the client and the host 192.168.45.178 is the server. One of my doubts is if the WIN in line 98412 is from client or from server.
The tcpguide web (http://www.tcpipguide.com/free/t_TCPWindowSizeAdjustmentandFlowControl.htm) site tells that the send window to the client is the received window to the server. See the following text:
And this picture even better explains the situation:
But I'm still having doubts about the output of wireshark. Some one can explain me better?
Thank you very much.
asked 08 Nov '10, 04:01
OK, walk with me...
... the client sends 282 bytes to the server and also tells the server that it's receive buffer only has 118 bytes left...
... the server sends 118 bytes (filling up the receive buffer of the client) and tells the client that it can still send 64112 bytes before it's receive buffer is full...
... the client sends 165 bytes to the server and also tells the server that it's receive buffer is now completely full so the server should stop sending data (until the application on the client fetches the data from the TCP receive buffer)...
... this looks like a natted version of the last packet???...
... the server acknowledges the data that the client has sent, tells the client that the application has read some data from the TCP receive window so that there is now again room for 65535 more bytes. It also does not send data, as it has not received word from the client that some buffer space has been freed...
Does it make more sense like this?
answered 08 Nov '10, 05:27
SYNbit and hansangb,
Just one more question.
If the client's window size reaches zero, and there ins't a negotiation of the window, can be a problem in the SERVER application or de CLIENT application? Can be a problem of the machine too?
Thank you again.
answered 09 Nov '10, 03:07