I am debugging an application with Wireshark and watching the TCP Window Size value shrink on one side of the communication.
If the packet's TCP section shows a "Window size value: 1", does that mean the source's window size is 1 or the destination's window size is 1? I know one side is communicating faster than the other can handle, I just want be sure I know which one it is.
1 192.168.0.1 -> 192.168.0.100, Modbus/TCP, Length: 66, Window Size Value: 1
2 192.168.0.100 -> 192.168.0.1, TCP, Length: 60, Window Size Value: 92
3 192.168.0.100 -> 192.168.0.1 TCP, Length: 310, Window Size Value: 92
4 192.168.0.1 -> 192.168.0.100 TCP, Length: 54, Window Size Value: 0
So is 192.168.0.1's window size 0 or is it reporting that 192.168.0.100's window is 0? Thanks.
Best Answer
The window size on packets from A to B indicate how much buffer space is available on A for receiving packets. So when B receives a packet with window size 1, it would tell B how many bytes it is allowed to send to A.
A few details worth knowing about window size are:
ACK number + window size * scaling factor
remains (roughly) constant.