finally someone can explain it in human way

This idea of buffer helped me alot! Thanks

Hey Chris, thank you for explanation. I was very confuse topic for me and i got an online TCP/IP course that confused me even more, and you made it so clear and eazy to understand. thank you again.

Excellent teacher! Awesome video, thanks a lot.

Very well explained! Awesome.

Nicely done!

more TCO+P and Wireshark knowledge learned.... thanks Chris.

Wow, excellent video!

Hi Chris, it is very good! thanks

Really good! Thanks :)

Excellent Video . Is this the Sliding Window Technique

Fantastic video . Thanks

Thank you!

That was really good one. Finally got someone who explained it to the point. I want to know what are the ways to calculate windows scaling factor if we missed 3-way HS. it is calculated with respect to bandwidth and RTT. So I need to know how to get these values via wireshark. Many thanks :)

Hi Chris, Thank you for the great posts and this resource becomes very helpful when it comes to live troubleshooting. I wanted to ask if you have these sample traces from where we can download for practice ?

Hi Chris, Thanks for the Wonderful videos. After watching the content, I have a statement which I wanted to be sure of. Could you please confirm that my understanding is correct for the below. "For a particular TCP connection, Window Size will vary dynamically. However, the Scaling Factor remains constant throughout the whole connection?"

Hey Chris nice explanation as always. In your first video related to window Size, you said " Window size tells the other side how much of a data he can send to us without waiting on an acknowledgement. But here in this video, you are saying at the beginning that more window size means the someone can put more data on the wire?? My understanding is that no one can put more than 1500 bytes of MTU on the wire, if they are using Ethernet. So, is it just that an increase in window size will speed up things. Because, now the other guy can send may be 65535 bytes of data(small chunks of 1500 bytes on the wire still) without having to wait for an Ack? response is highly appreciated!

Chris, reduction of the window size on the go which means indirectly that the sliding window protocol slides over the buffer and announce the available buffer to receive the data. is that right?

Hi Chris, thanks for sharing this great video. My question is why in your first example the window size and calculated window size are both 65535 even the window scale is 2. shouldn't it multiply by 4 - 65535*4?

Chris, i didn't understand how windows scaling and scaling factor are increasing the throughput of the data transfer between sender and the receiver. Could you enlighten me on this ? Regards.

Tks for these simple and easy to understand videos that you are making . I have watched many videos of your Wireshark series and i really like it. I have a question about this video. If we choose the scale factor wrong ,which means the scale factor does not match the real scale factor this connection had in the past, will there be any trouble for this connection ? for example : The connection between 192.168.1.1 and 10.0.0.1 had the scale factor number 2 in the past.Now we use wirehark and suddenly we catch this connection again,but in the Protocol Preferences we choose the number 4 instead of 2.

Hi Chris, firstly thanks for this wonderful tutorial. I am a non network guy and I never had the clear understanding of TCP. Your videos has helped me a great deal to understand the TCP. I just had one question. You mentioned window scale can go upto 14, but on the server side packet you pointed it was set to 128. Can you please explain if I missed something?

Hi Chris, nicely explained. i have a question for you. should communicating peers have equal calculated window size in both ends?

Hello Chris! Thanks a lot for the great explanaition! I have a question : In which cases scale factor is not used? I captured this from a specific connection : [Window size scaling factor: -2 (no window scaling used)]

Hi Chris, Thank you for taking the time to make these videos, you are very good explaining. I have one question, though. If you could please answer that would be awesome. So the question is, why doesn't the server send the package with all the size the receiver window can accept? In this case, 65535.

Hi @Chris Greer, at 3:26 i'm assuming it should be Client to server... unlike you mentioned Server to client... it caused me confusion all the way along .. so just to clarify

Hi could you say me how i'll cause a zero windows

Hi, Thanks for the great content, I have a diameter server, I received a lots of TCP Zero Window, I have check wireshark pcap, I see tcp.window_size_scalefactor = -1 , why it is -1 ? any idea ?

Hi Chris, in your experience, what is the typical window scaling factor? The bigger the scaling factor, the larger the memory size is required on the receive side. Correct?

What if you have a Client with a large Window Size of 256K with a scaling option of 8, on a LAN that should be able to send/receive 1Gbps, but you're noticing that the server is only sending 30 Mbps? The Servers' frame rate is 1506 MTU, and on each ack the client indicates that their receive buffer is still 256K. What else would be preventing the server from putting more data on the wire?

Are there any steps to reproduce the same?

Hi Chris - excellent stuff - would it be possible for you to create short videos on TCP Slow start , TCP Congestion Window , TCP Acceleration / optimisation , FAST Tcp.

Can i use it on Twitch or Streaming services ?

when are you making a video on Congestion control?

Hey Chris, do you happen to know how the scaling factor is being calculated? I found that it is derived from the buffer size value. But I just cant find out "how". Id like to know for SLES 12 for a given rwin size... Any suggestions?

Hi Chris. If I see quite a number of Client TCP Retransmission from a client host and I checked that the packet sent is reaching the server and the Server ACK is reaching the sending client, could it possibly mean that the Retransmission Timer of the client is small and should be increased?

Will the window size get multiplied (by window size scaling factor) everytime after a successful packet transmission?

I have a question, I have an issue with the transfer between Client and Server (Azure) with a dedicated 1Gbps link. In this link the iRTT is around 130 ms. We can say that this value is fixed, I have seen it. My problem is that with the same Client and Server, same link, transferring the same file (.iso around 1.5BGB), some times the transfer speed is excellent, using almost all the bandwidth available around 80-100 MB/s, and some times it drops to almost 10 MB/s, of course, I can see the windows size shirking. If I switch this dedicated link to a different path with around 90 ms RTT, the transfer speed is always stable around 80 MB/s upload and download directions. If the windows size is the buffer set by the client and server or the application, How the client and server measure or take this RTT value into account to decide how windows size will shrink or increase? The transfer is done with a regular windows shared folders between the PCs. Thanks in advance.

Please explain for me this. In the " TROUBLESHOOT WITH WIRESHARK-- LAURA CHAPPELL'", ON PAGE 202, said that BOTH SIDE OF A TCP CONNECTION MUST SUPPORT WINDOW SCALING IN ORDER IT TO BE USED. SO IF CLIENT HAS WINDOW SCALING OF 2 ( MULTIPLY BY 4) , SERVER HAS WINDOW SCALING OF 0( MULTIPLY BY 1) , THEN CLIENT HAS TO USE SCALING OF 0 INSTEAD OF 2. IS IT RIGHT? PLEASE HELP ME TO UNDERSTAND

I have the same problem with the client, is anyone can tell me how to resolve this problem?

Can anyone explain me y is tcp windows size value is greater than MSS ?

How do you emulate this kind of scenarios? I'm trying to test this out in my lab but I couldn't repro it, the Window size never falls to 0, I tried FTP of 1.5 gig file. 167457 2018-01-08 19:36:09.131153 192.168.10.1 192.168.10.100 FTP-DATA 1026 "4194304" [TCP Window Full] FTP Data: 972 bytes 167458 2018-01-08 19:36:09.131245 192.168.10.100 192.168.10.1 TCP 54 "3892" 55246 → 64508 [ACK] Seq=1 Ack=124580209 Win=3892 Len=0 167459 2018-01-08 19:36:09.131256 192.168.10.100 192.168.10.1 TCP 54 "972" 55246 → 64508 [ACK] Seq=1 Ack=124583129 Win=972 Len=0 167460 2018-01-08 19:36:09.131466 192.168.10.100 192.168.10.1 TCP 54 "3072" 55246 → 64508 [ACK] Seq=1 Ack=124584101 Win=3072 Len=0

Window scaling doesn't affect MTU or MSS size ?

Why not to make window field bigger? Why so much complexity in protocol)

64k, not 65k. 1k is 1024 bytes, not 1000 bytes. Good info here. Thanks!