Wireshark watches the parameters of the monitored packets:

• It watches TCP window sizes, and checks whether the window size reduced to zero
• It looks for TCP packets (segments) that are out of order, that is, whether they were sent before or after the expected time
• It looks for ACKs for TCP packets that were not sent

These parameters, along with many others, provide you a good starting point to look for network problems. We will get to the details of it in Chapter 11, Transport Layer Protocol Analysis.