Hi Maria,
Look in the TCP headers of the packets to see the Window Size field value.
In addition, you'll see that information in the Info column (Win=x). Also
consider selecting Analyze Expert Composite Info Notes - Wireshark has
Zero Window and Window Full alerts. Over at www.wiresharkU.com we have a
trace file set (see the FIN BIT magazine page) that I used in a session at
TechEd last week - grab the trace file set and check out the
download-bad.pcap trace. Look at packets 363-378 to see a client that hits
the zero window problem and the resulting keep-alive packets until the
Window Update is received. It's a nice trace - it was a terrible download -
over a 32 second delay because of the client TCP buffer space being
overloaded. Ouch.
Laura Chappell
Founder, Wireshark University
Sr. Protocol/Security Analyst, Protocol Analysis Institute
www.wiresharkU.com
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Maria
Sent: Wednesday, June 13, 2007 8:20 AM
To: wireshark-users@wireshark.org
Subject: [Wireshark-users] TCP Window Size
Hello,
While posting messages to a Network user group we were suggested to use
wireshark for TCP protocol analysis. We currently have a private network.
The network consists of one Dell laptop connected to a Netgear Ethernet 8
port switch and recording device connected to the Ethernet switch. The
application on the Dell computer is the client (using Delphi 7 -
tclientsocket) and the records are the servers. The recorders ship
continuous data at 1 megabits/second. We currently have 6 recorders
attached. What we are seeing is that the recorders after 12-18 hours start
to slow down in transmission speed. We think it is a TCP Window size
overflow. Our client application maybe not be receiving the data fast enough
and the window buffers are overflowing.
My question is how can we tell the TCP window size in wire shark? And how
much of it is not received by the application.
Hope I'm emailing the right please. Please let me know if I'm in error and
need to send the email else where.
Thanks for all your help.
Maria
___
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users