Imagotype-NetworkDataPedia (1)_edited.pn

NetworkDataPedia © 2018-2020  |  Editorial Team   |   Privacy Policies  |  Contact Us          Website built by DYCMarketing 

Fixing Window Scaling Analysis Issues Wireshark 2.0

February 22, 2016

 

When analyzing packets its important to get it right.  I spend a lot of time explaining to people that the TCP handshake is critical to capture since some information you might need is only seen there.

 

Items that would be an example of this are; TCP MSS, SACK Permitted and TCP Scaling Option values. The TCP window scaling option is used to increase the TCP receive window size past its maximum value of 65,535 bytes.

 

If you’ve ever analyzed a trace where the TCP Scaling option was used but you did not have the TCP 3 way handshake in that trace, you will see weird TCP Window Size values.

With Wireshark 2.0, you can tell Wireshark what the scaling option or factor is and not the TCP Window sizes will be accurate.

 

In this video I show you the trace file with a scaling option, then I remove the scaling option to show you what the TCP window size now looks like, finally I show you how to use the Protocol Preferences option to tell Wireshark what scaling option to use.

 

Enjoy

 

 

Share on Facebook
Share on Twitter
Please reload

Sponsored By:

Viavi

Display_LoveMyTool_170x400.png
Recent Posts

November 12, 2019

Please reload