The behaviour of clients and servers has an impact on application delivery performance. Tracking key indicators at the TCP level can help to diagnose a variety of application delivery performance issues. Understanding these metrics is key to troubleshooting application performance slowdowns!
0-Windows is one of these key indicators. This article will teach you how to interpret this data whether you use Wireshark or SkyLIGHT PVX.
Defining window size and 0-Windows
During a TCP session, the client and server announce to each other the volume of data that they can manage. This buffer size is called the “window size”. This window size evolves constantly to optimize the data flow according to the changing capacity of the network.
- If one participant(i.e., client or server) cannot manage more data, it sends TCP zero windows (0-Win) to indicate that the TCP buffer is full
- These zero windows happen when datagrams are sent out faster than the receiving device can process them; this is TCP flow control using windowing.
- The transmission can resume again when the 0-win issuer sends a window size superior to 0.
When a machine starts to send more and more 0-win you have to investigate if there are enough resources, CPU, RAM…
For the sake of simplicity, we will not consider here other TCP mechanisms like slow start or congestion control.
Principles
How can you detect 0-Windows?
Using Wireshark
Simply open a tracefile with Wireshark and take a look at a TCP packet. You will find the TCP Window size values (flagged in red in the image below); to identify the packets containing a 0 Window, you can use the following filter: “tcp.analysis.zero_window” .
Using SkyLIGHT PVX
When you need to identify the one machine—among thousands of workstations—that suffers from slow transfers due to 0-Windows, you may want to use a solution like SkyLIGHT PVX. It computes millions of packets every second to provide statistical and historical data that points you to the right place in seconds. If you are interested in discovering how SkyLIGHT PVX can help you scale up your network troubleshooting capabilities, you should read this article.
It’s so easy to find the 0-Win machine data with SkyLIGHT PVX. You simply go to Application>TCP Events :
The TCP Events screen displays the conversations that you are interested in. You can simply filter by the number of 0-Window events. You can see which client or server is emitting the most 0-Windows and is hence slowing down data transmission.