In the following topology, PC1 is establishing a TCP session with PC3 for data transfer.

Check whether the TCP endpoints are exchanging the TCP window size with a value more than 0. If the window size is set to 0, the receiver is not capable of receiving any traffic and the data transfer will fail.

The preceding is an example of TCP zero window. The receiving node (10.0.0.9) is not capable of accepting any new sessions or data and so when it receives the SYN segment from any peer for a new TCP session, it replies with SYN, ACK segment and set the window size as 0. Normally, this condition will be rectified by itself once the receiver is ready to take additional data. When the receiver sends zero window message, it is normal to see the sender sending TCP zero window probe. This is a message sent by the sender to see whether the receiver's zero window condition is still true. For each response received from receiver for TCP zero window message, it exponentially increment the timer before sending the next probe message.

If the packet capture continuously shows that the receiver is sending with window size as 0, it may be an indication that the end server is not functioning properly, or that the incoming port buffer is full or stuck and may need additional analysis on the server side to fix any issue.

Once the issue on the server is fixed, it should be able to negotiate the right window size. In the preceding example, 10.0.0.1 replies with a non-zero window size in the SYN, ACK segment. It could be noted that the server also included a TCP option carrying window scale of value 9. The TCP peer will use a combination of window size and window scale to identify the sliding window size. More details about the window scaling is in the How it works... section.

In all the subsequent packets, each peer will include the window size that will be used the peer to scale up or scale down the sliding window size.