TCP Zero Window - need clarification on this

2024-01-03

AL

updated 2024-01-03 10:26:30 +0000

If I have a packet as below

source destination TCP Zero Window

Which side is saying my TCP Window is zero, source or destination?

2024-01-03

Chuckc

See the WSUG - 7.5. TCP Analysis:

TCP ZeroWindow

OK, I have read this and, if my understanding is correct, it's the IP address that is saying it has a Zero Window Size.

TCP ZeroWindow Set when the receive window size is zero and none of SYN, FIN, or RST are set.

The window field in each TCP header advertises the amount of data a receiver can accept. If the receiver can’t accept any more data it will set the window value to zero, which tells the sender to pause its transmission. In some specific cases this is normal — for example, a printer might use a zero window to pause the transmission of a print job while it loads or reverses a sheet of paper. However, in most cases this indicates a performance or capacity problem on the receiving end. It might take a long time (sometimes several minutes) to resume a paused connection ...

AL ( 2024-01-03 )

It's a bit confusing with the terms "sender"/"receiver" and "source/destination".
The text you provided shows that the "source" ( sent a message telling the "sender" ( that it could not receive any more data at this time.

Look down in the packet details. It's the "0" value for Window that Wireshark interprets as a "Zero Window".

    Window: 0
    [Calculated window size: 0]
    [Window size scaling factor: 4]

Chuckc ( 2024-01-03 )

This is the packet in Wireshark


AL ( 2024-01-03 )
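The WSUG rule quoted in this thread (window of zero, none of SYN, FIN, or RST set), applied to a raw packet to show which side is advertising the zero window. This is an added example, not part of the original posts and not Wireshark's code; the addresses, ports, and `build_packet` helper are constructed, and the scaling factor is assumed to be known from the handshake.

```python
import socket
import struct

SYN, FIN, RST = 0x02, 0x01, 0x04  # TCP flag bits

def build_packet(src, dst, sport, dport, flags, window):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at 0."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 2000,
                      (5 << 12) | flags, window, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def zero_window_report(ip_packet, scale_factor=1):
    """Return who advertised a zero window, or None if the rule does not match.

    The window field describes the receive buffer of the host that SENT the
    packet, so the packet's source is the side that cannot accept more data
    and the packet's destination is the side being told to pause.
    """
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4 or ip_packet[9] != 6:
        return None                              # not IPv4 carrying TCP
    ihl = (ip_packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    tcp = ip_packet[ihl:]
    if len(tcp) < 20:
        return None                              # truncated TCP header
    sport, dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    calculated = window * scale_factor           # "Calculated window size"
    if calculated != 0 or off_flags & (SYN | FIN | RST):
        return None
    return {
        "advertiser": f"{socket.inet_ntoa(ip_packet[12:16])}:{sport}",
        "must_pause": f"{socket.inet_ntoa(ip_packet[16:20])}:{dport}",
    }

if __name__ == "__main__":
    ACK = 0x10
    # Constructed packet: a printer (port 9100) tells the client to stop sending.
    pkt = build_packet("192.0.2.10", "198.51.100.20", 9100, 51000, ACK, 0)
    print(zero_window_report(pkt, scale_factor=4))
    # A RST with window 0 is not reported as a zero window.
    print(zero_window_report(build_packet("192.0.2.10", "198.51.100.20",
                                          9100, 51000, RST | ACK, 0)))
```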
