1

文档说 TCP 窗口更新通常是由于以前的零窗口。

我找不到以前的零窗口。还可能是什么?

Transmission Control Protocol, Src Port: 5431, Dst Port: 703, Seq: 1, Ack: 38529, Len: 0
    Source Port: 5431
    Destination Port: 703
    [Stream index: 0]
    [TCP Segment Len: 0]
    Sequence number: 1    (relative sequence number)
    Acknowledgment number: 38529    (relative ack number)
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
    Window size value: 256
    [Calculated window size: 256]
    [Window size scaling factor: -1 (unknown)]
    Checksum: 0x03c0 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
    [SEQ/ACK analysis]
        [TCP Analysis Flags]
            [Expert Info (Chat/Sequence): TCP window update]
4

1 回答 1

1

Wireshark 将一个数据包标记为“TCP 窗口更新”,如果它是一个 ACK​​ 数据包,除了窗口大小之外没有任何变化。一些 TCP 堆栈确实会发送此类数据包,即使窗口远未满(这种情况会导致“零窗口”数据包)。

参考:https ://osqa-ask.wireshark.org/questions/27253/under-what-c​​onditions-wireshark-marks-a-packet-as-tcp-window-update-packet

于 2019-03-04T09:53:52.980 回答