Wireshark 101: TCP Flow Control

Today on HakTip, Shannon explains window size in packets and how TCP controls flow of data.

When sending TCP packets, you can run into problems that result in retransmissions and duplicates. There is also a way to keep packet loss from happening: the 'sliding window mechanism'. It lets the sender adjust the rate of data transmission to match the destination's 'receive window'. The destination can only hold a certain number of bytes in its TCP buffer space, and if the amount of data spills over that buffer space, the result is packet loss. You can view the "Window Size" under the TCP packet header.

As bytes accumulate in the buffer space, they are eventually passed up to the application layer protocol, and the buffer space becomes available again for a new packet of bytes.

If a server is receiving data too quickly and it can't process all the bytes fast enough to keep its buffer space low, it can send info in its ACK packet telling the source to send smaller amounts of data.

Know how when you have a big empty pail, you can basically dump water into it really fast and it won't spill out because the pail is large enough for all the water? Well, if I replaced the pail with a little coffee cup, you'd have to pour the water a bit slower so it doesn't spill all over the place, and the cup can't hold any more water until you've drunk what's already in there. That's kinda what's happening here.

If a destination is running out of space, it can also send an ACK saying it has a window size of 0 bytes; the source will then just send packets called 'Keep Alive' packets.
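To see the window field outside of Wireshark, here is an added example (not from the episode) that parses raw TCP headers, reads the advertised window and flags a zero-window ACK. The sample headers, port numbers and the window-scale shift of 7 are constructed assumptions; a real capture negotiates the shift in the handshake.

```python
import struct

SYN, RST, FIN, ACK = 0x02, 0x04, 0x01, 0x10

def build_header(sport, dport, seq, ack, flags, window):
    """Constructed sample: 20-byte TCP header, no options, checksum left at 0."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0)

def parse_tcp_window(segment, shift=0):
    """Pull the flow-control fields out of a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags, raw = struct.unpack("!HHIIHH", segment[:16])
    flags = off_flags & 0x01FF
    # The 16-bit field is scaled by the negotiated shift, except in SYN segments.
    window = raw if flags & SYN else raw << shift
    # A zero window is only a flow-control signal on a plain ACK;
    # SYN, FIN and RST segments are excluded.
    zero = raw == 0 and bool(flags & ACK) and not flags & (SYN | FIN | RST)
    return {"sport": sport, "dport": dport, "ack": ack,
            "raw_window": raw, "window": window, "zero_window": zero}

# Constructed capture: a receiver (port 80) ACKs data while its buffer fills up.
SAMPLE_ACKS = [build_header(80, 50000, 1, ack, ACK, win)
               for ack, win in [(1461, 512), (2921, 256), (4381, 64), (5841, 0)]]

def window_report(segments, shift=7):
    """Return (ack number, usable window in bytes, zero-window flag) per segment."""
    return [(p["ack"], p["window"], p["zero_window"])
            for p in (parse_tcp_window(s, shift) for s in segments)]

if __name__ == "__main__":
    for ack, window, zero in window_report(SAMPLE_ACKS):
        note = "ZERO WINDOW: sender must stop" if zero else ""
        print(f"ack={ack:<5} window={window:<6} {note}")
```

The shrinking values in the report are the coffee cup filling up; the last line is the receiver telling the source it has no room left.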

Let me know what you think. Send me a comment below or email us at tips@hak5.org. And be sure to check out our sister show, Hak5, for more great stuff just like this. I'll be there, reminding you to trust your technolust.