wireshark and tcpdump -r: strange tcp window sizes
The window sizes are correct - they're just unscaled.
The connection initiator has set a wscale
(window scaling factor) of 7, so its subsequent win
values must be multiplied by 128 to get the window size in bytes. Thus the win 46
indicates a window of 5888 bytes.
The connection recipient has set a wscale
of 6, so its win
values must be multiplied by 64. Thus win 133
indicates a window of 8512 bytes, and win 178
indicates 11392 bytes.
tcpdump/wireshark disconnect
Finally after 5 month I found how to fix this issues.
I just have to update my network card drivers (in my case, iwlwifi)
tcpdump and wireshark: Show timestamp
You can use a display filter to filter on time range.
For example:
(frame.time >= "Mar 18, 2015 20:38:04.705104000") && (frame.time <= "Mar 18, 2015 20:38:06.415883000")
Useful link:
WiresharK Wiki
Related Topics
Vimdiff: How to Put All Changes Inside a Particular Function from One File to Another
Command-Line Fulltext Indexing
Git Error: Gpg Failed to Sign The Data on Linux
Is Visual Basic Supported by .Net Core on Linux
Drop/Rewrite/Generate Keyboard Events Under Linux
Atomically Swap Contents of Two Files on Linux
Linux Bash Script Get User Input and Store in a Array
How to Detect If The Script Is Running on a Virtual Machine
Sed Only The Last Match Pattern
Default Font Size of Javafx Under Linux Is Larger as on Windows
Dependency Failure While Installing Libboost-All-Dev on Ubuntu Core 14.04
How to Log Messages from an ASP.NET Core Application to a Specific File on Linux
How to Zip Folder That Contains More Than 12Gb Data