Annotated edit history of
TcpWindow version 1, including all changes.
View license author blame.
| Rev |
Author |
# |
Line |
| 1 |
JohnMcPherson |
1 |
For a [TCP] connection, each side keeps track of how much data the other side is capable of receiving into its buffers. This is called the __window__, and the TCP header has a field for reporting the window to the other end. The window size/sequence numbers are measured in octets (8-bit bytes). |
| |
|
2 |
|
| |
|
3 |
You can think of the window as continously sliding to the right, as the sequence numbers increase. If the OperatingSystem has more space available for buffering packets, the right-hand-side of the window will increase faster than the left-hand-side and the window becomes wider. If the left-hand-side of the window increases faster, then the window will shrink. |
| |
|
4 |
|
| |
|
5 |
The right-hand-side should never decrease in value. If this happens, then it is either caused by a buggy TCP implementation, or is a malicious attempt to confuse your networking stack. |
| |
|
6 |
The LinuxKernel's network stack will detect this and print something like |
| |
|
7 |
<verbatim> |
| |
|
8 |
kernel: TCP: Treason uncloaked! Peer 200.108.65.161:62710/80 |
| |
|
9 |
shrinks window 2077733939:2077733940. Repaired. |
| |
|
10 |
</verbatim> |
| |
|
11 |
to syslogd(8). |
| |
|
12 |
|
| |
|
13 |
(thanks to Kragen Sitaker for the explanation) |
