Hi,
The FTP transfer capture I'm looking at clearly shows TCP ZeroWindow occassionally and I want to graph this using I/O Graph in Wireshark v2.6.0, however it's not working like it want it to! :-)
I would like a graph thats is more or less a declining line whenever the receivers window is being used, with a clear "dip" whenever the window size reaches zero. This should be possible based on looking at a column showing tcp.window_size.
What I'm getting is more or a lot of peaks, with no clear indication when the window reaching zero.
I'm filtering on the source using ip.src=="ip of source" and a Y-field of tcp.window_size. I've tried every Y Axis calculation, but it seems what I'm really in need of is something that just graphs the value of the Y field, and not the Max, Min or AVG.
I'm guessing I'm doing this wrong - or at least I'm hoping - so can someone with knowledge on the subject help me out? :-)
Regards, Niels
