Sniffing shows TCP Zerowindow

Unanswered Question

Hello All.

I've been troubleshooting an problem between an HTTPS server and some clients connected to my site through VPN.

Basically, My topology would look this way:

SERVER - 6509(with FWSM) - couple of switches just forwarding traffic in the middle, MY VPN concentrator and finally users connected through this concentrator.

I've been doing some sniffing and all of them shows a couple of TCP Zerowindow flags coming from the server and of course to me this issue sounds like to be something on the server side. Have you guys deal with something like that before?

If you guys agree on what i'm saying, anyone knows if there's an good document on the WEB, so i can send customer as an additional prove?

Thanks in Advance,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pompeychimes Sat, 07/04/2009 - 21:23

On the face of it i would agree. If the Server is throwing out a zero window size its either too busy and/or out of resources. IHowever, the FWSM has thrown me some curve balls in the past.

Have you tried moving the Server out from behind the FWSM temporarily?

Also, where exactly are you sniffing? Personaly I'd start right in front of the Server and behind the FWSM. If you see the zero window there you can be confident the problem is with the Server.


This Discussion