How TCP Works - Window Scaling Graph

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey welcome back and thanks for stopping by my channel so this time we're going to talk about the tcp stream graph window scaling maybe you've seen that before as you've set a tcp stream graph before or maybe you're looking at throughput or the stevens graph but what is that window scaling graph how does it work how can we use it to troubleshoot coming up [Music] so in this channel we talk about wireshark and how to troubleshoot networks and slow applications and also how tcp works so if you like this video consider subscribing and give a thumbs up down below so window scaling maybe we've seen that before as we've done some troubleshooting with tcp let's get into it and see how that graph works okay so here we are in our trace file and if we open it up we can see that it's just a simple connection between a client and server and data is going from 192 168 over to 10.001 that's the direction that these large packets are being sent in now before we jump into the window scaling graph first let's go ahead and add a couple of fields or rather columns to help us get a better handle of what's going on in this trace so as you can see in my column headers i have bytes in flight now you can add that as a custom column if you come down just pick any of those packets that you see you just pick one that has some data in it if we come down to sequence acknowledgement analysis and then come down to bytes and flight we can just right click that or two finger tap it if we're on a macbook and we can come up to apply as column and then that will give us bytes in flight now another one that i would like to add as well let's go ahead and come to calculated window size because i'd always like to have a good measurement on that window size on the receiver and see how bytes in flight relates to my window size these are actually the values that will be graphed out in the windows scaling graph so it's nice to understand them before we jump into the graph so here we can see bytes in flight data is being sent out and we are capturing on the side of 192.168.01 so we see data fly out we wait for some acknowledgements to come back in then we send another batch of data that more data flies out then we wait for some acknowledgements to come in now notice on the receiver i have a receive window of 212 992 okay so i can never have more data outstanding on the wire bytes in flight then 212 992 again remember i'm capturing on the end of 192.168.01 okay so that's an important thing to remember if i was capturing at this point 1001 it would be a different story then my bytes in flight would be pretty low because i'm probably going to be acknowledging that data as fast as it comes in the doorway but this is a good way to learn how these numbers interact so as i go down just going to scroll down a little bit more i'm going to see that bytes and flight continue to go up i'm putting data out in the wire data is being acknowledged in the opposite direction but notice my window size doesn't really go up on the receiver okay so i'd just like to point that out to you before we jump into the graph so let's go ahead and head into that graph i'm going to come to statistics going to go to tcp stream graphs let's go to windows scaling and now i have my windows scaling stream graph so now let's dig in a little deeper into this now on the bottom you can notice that i got receive window is checked and bytes out is checked so bytes in flight bytes out that's the blue line with all those dots that is data that is outstanding on the wire or how much data is outstanding on the wire unacknowledged and that can never be above the green line so the receivers window is graphed out for me with that green line okay so actually i'm going to zoom in a little bit just so we can take a closer look at that it never really changes okay so that's just always what i see that receive window being on that receiver but if you look at the bytes out here i can see bytes go out they get acknowledged so i send another burst those get acknowledged they send another burst so you can see these flat lines usually that represents my network round trip time the round-trip time latency that i see on the network that's how long it takes me to send data out and then get acts back so i have more data outstanding and then i have more data outstanding and notice here the client at the beginning it acknowledges everything that i put out in the wire so that's why we're starting over back at zero in terms of bytes in flight but as soon as that begins to go up that means that there's outstanding data out there that has not yet been acknowledged that i previously sent now the idea here is that bytes in flight can never go above the green line that is my ceiling so i can see for this transfer the window size was my limit the sender could not put out more data than that green line allows me to now depending on the application i'm using depending on the tcp stack that number can go up and it also can come down as the receive window fills so it's an interesting thing to see graphed out over time now while we're here in the tcp stream graphs another way to look at this is to come down to type and we've done this on a previous video but let's do it again here and let's go to tcp trace so here's the same stream but we're just looking at it from a different angle instead of bytes out and just receive window in fact if i come into zooms i'm just going to go in a little closer at the beginning here i can see my data going in flight my data going in flight my axe so here again i see that receive window that's my ceiling that's how much data i can put out there on the wire unacknowledged and then i have to stop as a sender so here i can see as soon as these packets really these are sequence numbers in flight as soon as they go out and they touch that green line the sender has to stop the receiver does not have enough room to receive any more data until these acts come in and then i can go ahead and begin sending more data so the window scaling graph it gives us a good idea of bytes out so also just a guesstimate of the tcp congestion window we can also see that in play and it lets us see that receive window over time and if it ever goes down to zero or if it ever becomes like in this case a ceiling so hopefully that helps you get a bit more out of the window scaling graph it's a great graph for troubleshooting really helps us to see if the window size on the receiver is the problem and it's a great way that we can graph bytes in flight out thanks for stopping by my channel i'll see you again soon

Info

Channel: Chris Greer

Views: 15,043

Rating: undefined out of 5

Keywords: wireshark tutorial 2020, wireshark tutorial, tcp/ip, tcp analysis, tcp window scaling, tcp handshake, tcp options, transport control protocol, packet pioneer, chris greer, packet analysis, tcp stream graphs, wireshark training, window scale, tcp receive window, tcp congestion control, congestion window, free wireshark training, free wireshark tutorial, free tcp tutorial, free tcp training

Id: Gl77u2RN1aw

Channel Id: undefined

Length: 6min 42sec (402 seconds)

Published: Wed Jul 15 2020