Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2022-03-08 17:09:15 +0000

Chuckc gravatar image

The text for that section of the manual comes from the comments in packet-tcp.c.

Working through an example might help to explain where the text comes:

TCP Window Update

Set when the all of the following are true:

The segment size is zero.

The window size is non-zero and not equal to the last-seen window size.

The sequence number is equal to the next expected sequence number.

The acknowledgement number is equal to the last-seen acknowledgement number.

None of SYN, FIN, or RST are set.

    /* WINDOW UPDATE
     * A window update is a 0 byte segment with the same SEQ/ACK numbers as
     * the previous seen segment and with a new window value
     */
    if( seglen==0
    &&  window
    &&  window!=tcpd->fwd->window
    &&  seq==tcpd->fwd->tcp_analyze_seq_info->nextseq
    &&  ack==tcpd->fwd->tcp_analyze_seq_info->lastack
    &&  (flags&(TH_SYN|TH_FIN|TH_RST))==0 ) {
        if(!tcpd->ta) {
            tcp_analyze_get_acked_struct(pinfo->num, seq, ack, TRUE, tcpd);
        }
        tcpd->ta->flags|=TCP_A_WINDOW_UPDATE;
    }

How tcpd->fwd->tcp_analyze_seq_info->nextseq gets set is based on state of the TCP stream.
(It might get set in other spots since there are a lot of pointers and structures in the code)

  tcpd->fwd->tcp_analyze_seq_info->nextseq=nextseq;

  tcpd->fwd->tcp_analyze_seq_info->nextseq = tcpd->fwd->tcp_analyze_seq_info->maxseqtobeacked;

The text for that section of the manual comes from the comments in packet-tcp.c.

Working through an example might help to explain where the text comes:

TCP Window Update

Set when the all of the following are true:

The segment size is zero.

The window size is non-zero and not equal to the last-seen window size.

The sequence number is equal to the next expected sequence number.

The acknowledgement number is equal to the last-seen acknowledgement number.

None of SYN, FIN, or RST are set.

    /* WINDOW UPDATE
     * A window update is a 0 byte segment with the same SEQ/ACK numbers as
     * the previous seen segment and with a new window value
     */
    if( seglen==0
    &&  window
    &&  window!=tcpd->fwd->window
    &&  seq==tcpd->fwd->tcp_analyze_seq_info->nextseq
    &&  ack==tcpd->fwd->tcp_analyze_seq_info->lastack
    &&  (flags&(TH_SYN|TH_FIN|TH_RST))==0 ) {
        if(!tcpd->ta) {
            tcp_analyze_get_acked_struct(pinfo->num, seq, ack, TRUE, tcpd);
        }
        tcpd->ta->flags|=TCP_A_WINDOW_UPDATE;
    }

How tcpd->fwd->tcp_analyze_seq_info->nextseq gets set is based on state of the TCP stream.
(It might get set in other spots since there are a lot of pointers and structures in the code)

 tcpd->fwd->tcp_analyze_seq_info->nextseq=nextseq;

 tcpd->fwd->tcp_analyze_seq_info->nextseq = tcpd->fwd->tcp_analyze_seq_info->maxseqtobeacked;