This was a solid addition to my understanding of both Wireshark and TCP. Great presentation, greatly appreciated.

Man ! I have been working with IBM (and reviewing network traces as needed for a LONG time !) and I wish I had known about your content from the beginning. It is very spot-on, and even for a 'vet' like me, a great refresher on a LOT of stuff. Excellent quality Chris !

your voice is so calming

love the way u explained the TCP Window size full. Thanks a lot

That is an excellent explanation. Thank goodness for Chris Greer.

This is the best tutorial i saw by far on TCP!

thank you so much Chris I want to know is there a video for send window ?

Thanks for the video. Have doubts.. So what is cause for this zero window..

Hi Chris, super video, learned a lot just from your video. I'm just wondering did you shoot the video about the send window? Because I didn't find it on your channel. Have a wonderful day

Such a nice presentation and clear crystal explanation. Looking forward more videos like this.....:)

hey Chris, lesson is supper clear and to the point as always and thank you very much. Can you also share the packet capture file for this video????? 😀

Such a perfect explanation Chris. Thanks so much!

Excellent .. you are a true Networking Hero

Hi Chris you are great and having each classes and seminar wonderful...but I am little bit confused about window size vs acknowledge number as you say acknowledge sent once bytes of packet transferred to other end ...now how can we track particular data from specific window which is lost during communication....pls correct my understanding if I am wrong let's suppose we have window 65535 at both side and mss value is 1460 ...so data can be transferred 1460 bytes in once and assign 1 sequence number which require acknowledge number based on previous sequence number +1

Thank you Chris. Great explanation

Hi Chris, Your videos are really great...these videos are helping me allot ...Really thanks allot from bottom of my heart

Thank you for the great video once again! very simple and easy to understand bit by bit

Hi Chris, your method of explaining things is immersive and it goes very well with the audience. I really like all your videos. Pls make a video on SACKs. Also just as Gabriele asked, why is the client sending an ACK more often than its specified window size. It sends an ACK after every 2 packets received @7:24, despite advertising a window size that could accommodate many more packets.

Great as always Chris 🎉

Wonderful explaination!

hi Chris, I am really enjoying and learn a lot of things with your video as network engineer. I was trying to reproduce as similar as your pcap sample in real world, but it was pretty hard. would you let me know where can I get that sample?

Hello Chris, first... great video! I'm just wondering if is there any way that I can get that trace file.. it would be helpful to practice. Let me know.

really just thank you from my heart chris

Hi Chris! Awesome presentation. How things are clear when understood :) I would have a question regarding the ftp transfers. this is the tcp handshake window + calculated window exchanged: 65535 65535 always has 63 TTL 49232 49232 always has 47 TTL 2081 66592 then they start sending files at the beginning small ones where each time the client is reaching some window size below 66592, the next will be a TCP Window Update to 66592. obviously bigger files were exchanged later, since the TCP window update is 99360, same story later with 132128, 558112, 1 048576 (lots with Dup ACK from client and retransmissions from server, then from client Reassembly error: New frament overlaps old data) The my question is pointing what follows: at one point after the x amount of TCP window update for 1 048 576, we got a [RST, ACK] Does it means that the file is too big (was informed it's around 400mb) and some window size upper threshold is hit? Thank you in advance!

Hi Chris, first of all, thank you for this lesson, you are a great teacher! I have a (maybe stupid) question though: (referring to 8:50 - packet from 378 to 390) Why is the client sending an ACK every 1514 byte sent from the server, if the client's window value is 256960? Shouldn t the "window size" rapresent the "maximum amount of data that can be sent before an ACK is received"? I know that the word "maximum" could be the answer to my question, if so, what criteria is the client following in order to send an ACK every 1514 bytes (1460 actually) ? Once again, great lesson! Hope to see some more asap!

hello, sir thank you for this very understandable walkthrough on receiving window. I have one question, whenever the packets come from the server to the client-side where do the data packets actually get stored? is it the NIC or there is some other storage for it.

Im having problems troubleshooting the bottleneck from there. What would you look for on the clients computer?

Great video. What are the possible causes of this?

Amazing details provided thank you.

hello at timeline 7:01 why windows size get overcrowded the client sends an ack (at 355,358 and361),so the buffer is than empty?

Hi Chris, Thanks for the video. I'm guessing this receive window is what's commonly referred to as awnd and the send window is referred to as cwnd? Also, if you miss the handshake and thus miss the scaling factor option, Wireshark will not have any way of determining the true receive window size after that? I guess to reword my question... Are options ever retransmitted after the handshake during normal operation? Any books you'd recommend? I'm part way through TCP/IP Illustrated, but not sure what should be next.

hi Chris...can you please share the Wireshark file of this video. Thanks

Hey Chris Geer, Once the client clears his buffer after 35sec then the client sends the calculated window as 256960 and the server replied with 6400. server sent 1514 bytes to the client and the client is acknowledging that. until the server sends data of 6400bytes(Window Size) to the client, the server should not expect the ack and the client shouldn't send it but for every 1514 bytes, the client is acknowledging. how is this happening, Can you explain me in detail?

very informative video. thank you

Awesome video thanks for this tutorial

Chris, why in TCP handshake windows size value 65535 multiplied by 4, then calculated window size is still 65535 ?. Why is it not 262140?

Very good explanation. Subscribing.

Super!!!Thank you for the great video

Thank you for the greate video! It helped me a lot!

Hi Chris or anyone else, could you please clarify why client is sending continuous acknowledgement if window is still empty? As per windowing concept client should send ack only after all the window size data is received.

Could you share the trace file with us Chris ?

Thank you for your simple explanation. Can you do a more comprehensive tutorials on WS.

Good video Chris, really helps my understanding of tcp window size. I have a scenario where i'm seeing a client send a SYN (Win=8192), server sends SYN-ACK (Win=0), client sends ACK (Win=64240) and then the client starts sending ZeroWindowProbes. To me it looks like the server is telling the client to wait. Anyone have any idea how to troubleshoot the reason the server would be doing this? Thanks!

Great video, great info

Thank you so much man

good job! thank you.

This video reminds me of the Lucy in the chocolate factory episode of I Love Lucy. Hilarious when her "chocolate window" was filling up.

Great, Go on

What is TCP send window???

test qn ans 1

Such a clear explanation, thanks a lot Chris.

Awesome video, thanks