I see that the calculated window size is set to 5888 with the three handshake, however it jumps to 7808 with the first ACK.
Can someone explain me why and what algorithm Linux (Linux OS and Wireshark) used to calculate this window?
I understand window scaling concept and I don't have any congestion or slow start at this point of time. 5888 was SYN. 2000 in flight after two seg push. So you have 3888 available now. At this point you send ACK 1001, so the receiver shoots out ACK with updated window size (3888+1000=4888). But I see 7808! How? I observe such increase for every ack, unable to quantitatively reason this out.
Best Answer
This post has a good explanation for what you're seeing.
And,