Ask Your Question

a Window Scale value on a client of "-1"

asked 2024-03-28 20:34:13 +0000

I have captured data from an end user as he connects to his server. The connection will drop a few times a day.

As i am gathering data and analyzing it in Wireshark, i see something that may be an anomoly.

I see the field for Window Scale sizing factor on the client, and it is set to -1. I am not sure and have yet to find anything on it by searching.

Has anyone else ever seen a Windows scale size set this way?

Thanks in advance, KMNRuser

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2024-03-28 20:59:56 +0000

Jim Aragon gravatar image

-1 means "Unknown." The SYN and SYN/ACK packets are not in the capture file, so Wireshark does not know if window scaling is in use, and if it is, what the scale factors are.

edit flag offensive delete link more


On top of that, a scaling factor of -2 means the SYN and SYN/ACK were indeed seen, but no WS option was seen in the SYN or the SYN/ACK, so -2 means: "No Window Scaling used"

SYN-bit gravatar imageSYN-bit ( 2024-03-28 21:05:43 +0000 )edit
Chuckc gravatar imageChuckc ( 2024-03-28 23:44:46 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2024-03-28 20:34:13 +0000

Seen: 33 times

Last updated: Mar 28