Hi,
I have a client/server connection where the client sends lots of data
before receiving an ACK from the server.
The connection is through a Linux firewall which is checking for INVALID
packets. Officially INVALID means "the packet is associated with no
known connection" but I read it also means "the packets violates window
size restrictions". I see my firewall dropping packets from this
connection as INVALID as soon as the number of bytes in flight exceeds
the unscaled window size.
I attached a pcap with the servers SYN/ACK packet. I hope that's ok on
this list.
The packet signals a Window size of 8,192, but also a Window Scale of 8
(multiply by 256), which would give my a Calculated window size of
2,097,152.
But my Wireshark 1.12.8 tells me "Calculated window size: 8192" which
would match with the firewalls behaviour.
Is there something wrong with the SYN/ACK packet?
Kind regards,
Robert
Attachment:
syn-ack.pcap
Description: Binary data
