Wireshark-users: Re: [Wireshark-users] TCP windows update
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 1 Mar 2011 13:23:19 -0800
On Mar 1, 2011, at 12:45 PM, Andrej van der Zee wrote:

> Maybe a silly question, but can a Windows update be piggy backed with a data segment, or is it always contained in a zero-length data segment?

As Stephen said, "Each TCP segment has a window size"; nothing in RFC 793 says you can't put data in a TCP segment that has an "advertised window" value different from the one in the previous segment.

> Also, can a Windows update contain an ACK number for non-ACKed data segments?

Again, nothing in RFC 793 disallows that.  In fact, once a connection is established, *every* segment contains an ACK number - to quote RFC 793:

  Acknowledgment Number:  32 bits

    If the ACK control bit is set this field contains the value of the
    next sequence number the sender of the segment is expecting to
    receive.  Once a connection is established this is always sent.

It might be the same ACK number as the previous segment in the same direction, but it's always there.