How to view TCP advertised window by using tcpdump?

Patrick Mahan mahan at mahan.org
Fri Sep 5 06:02:08 UTC 2008 


EdwardKing presented these words - circa 9/3/08 10:15 PM->
> I use TCP client to connect daytimesesrver which port is 13,I want to know how to use tcpdump to view TCP advertised window? Where is the TCP advertised window in the tcpdump result?
> 
> Thanks
>

When you run tcpdump, for tcp packets, look for the 'win' string.  For example, looking at a pop3 stream
I see -

tcpdump -i rl0 -s 1500 tcp and port pop3
[...]
23:00:38.371059 IP 10.0.0.10.pop3 > 10.0.0.1.33656: P 13468:14292(824) ack 96 win 33304 <nop,nop,timestamp 246782562 2080639302>
23:00:38.373003 IP 10.0.0.1.33656 > 10.0.0.10.pop3: . ack 14292 win 65535 <nop,nop,timestamp 2080639302 246782562>
23:00:38.629916 IP 10.0.0.1.33656 > 10.0.0.10.pop3: P 96:104(8) ack 14292 win 65535 <nop,nop,timestamp 2080639302 246782562>
23:00:38.630021 IP 10.0.0.10.pop3 > 10.0.0.1.33656: P 14292:14325(33) ack 104 win 33304 <nop,nop,timestamp 246782588 2080639302>

The "win" indicates the advertised window.  So 10.0.0.10 is advertising a window of 33304 bytes
and 10.0.0.1 is advertising a window of 65535 bytes.

Try 'man tcpdump'.

Patrick

> 
> ----------------------------------------------------------------------------------------------
> Confidentiality Notice: The information contained in this e-mail and any
> accompanying attachment(s) is intended only for the use of the intended
> recipient and may be confidential and/or privileged of Neusoft Corporation, its subsidiaries and/or its affiliates. If any reader of this communication is not the intended recipient, unauthorized use, forwarding, printing, storing, disclosure or copying is strictly prohibited, and may be unlawful. If you have received this communication in error, please immediately notify the sender by return e-mail, and delete the original message and all copies from your system. Thank you. 
> -----------------------------------------------------------------------------------------------
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> 
>

More information about the freebsd-questions mailing list