Why TCP Window Full Slows Your Transfers and How to Diagnose It
This article explains how TCP Window Full warnings indicate a full receiver window, how to interpret Wireshark's Expert Information, locate the relevant packets, calculate bytes in flight, and use graphs to diagnose and verify the impact on transfer speed.
Case Study: Slow File Transfer Between Data Centers
A client needed to copy a file from a Beijing data center to Shanghai and observed low transfer speed. Wireshark captured many TCP Window Full warnings, prompting an analysis of the cause.
Understanding the Expert Information
Wireshark reported 69 warning-level packets with the message "TCP Window specified by the receiver is now completely Full". This indicates that the receiver's window was full at those moments.
What Does TCP Window Full Mean?
The term refers to the receiver's window. When the amount of data in flight (Bytes in flight) equals the receiver's advertised window size, Wireshark flags it as TCP Window Full. The brackets around the message show it is a derived interpretation, not a raw TCP field.
Locating the Relevant Packets
By selecting packet 224 in Wireshark, we see the warning and can confirm that other packets also show the same condition.
Wireshark’s analysis also shows a [Bytes in flight: 112000] entry, matching the receiver’s window size.
Identifying the Receiver’s Window
Since the transfer uses SCP, the client uses a high source port (e.g., 38979) and the server uses port 22. By filtering for packets with source port 22 that appear just before the TCP Window Full warning, we find packet 222, which contains the receiver’s advertised window of 112000 bytes.
Data Flow When the Window Is Full
1. Server (B) sends packet 222 with a receive window of 112000 bytes (no payload).
2. Client (A) receives this ACK and, having enough data to send, fills the window by transmitting 112000 bytes in packet 224.
3. Packet 224 also carries A's own receive window (19200 bytes), but the dominant factor is B's window.
4. When packet 224 reaches B, its receive window is exactly filled, so Wireshark marks the event as TCP Window Full.
Impact on Transfer Speed
The full window creates a bottleneck at the receiver, limiting throughput. Wireshark's I/O Graph (All Bytes, interval 100 ms) shows speeds of around 300-400 KB/s for this transfer.
Analyzing Window Scaling
Opening Statistics → TCP Stream Graphs → Window Scaling reveals the receiver’s window size over time. Peaks where the Bytes Out line meets the Receive Window line correspond to TCP Window Full events.
Verifying the Transmission Formula
Initially, throughput was approximated by window / RTT. However, when data remains in flight without being acknowledged, the correct formula is velocity = acked_data / RTT. Using packets 1337 and 1357, the calculated speed (33600 bytes / 0.094 s ≈ 357 KB/s) matches the I/O Graph.
This demonstrates that when acknowledgments lag behind the data sent, the simple window/RTT estimate overestimates speed, and the refined formula provides accurate results.
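The bytes-in-flight check from the data-flow steps and the acked_data / RTT calculation can be reproduced outside Wireshark. The following is an added example, not code from the original article: the Seg record, the function names and the five-segment trace are constructed for illustration (only the 112000, 19200, 33600 and 0.094 s figures come from the article), and it assumes relative sequence numbers with the window scale factor already applied.

```python
from dataclasses import dataclass

@dataclass
class Seg:
    t: float     # capture time, seconds
    src: str     # "A" = sender (client), "B" = receiver (server)
    seq: int     # relative sequence number
    length: int  # TCP payload bytes
    ack: int     # relative acknowledgment number
    win: int     # advertised receive window in bytes, scaling applied

# Constructed trace (not the article's capture), sized with its numbers.
TRACE = [
    Seg(0.000, "B", 0, 0, 0, 112000),          # pure ACK advertising 112000 bytes
    Seg(0.001, "A", 0, 112000, 0, 19200),      # sender fills the whole window
    Seg(0.095, "B", 0, 0, 33600, 112000),      # only 33600 bytes acknowledged
    Seg(0.096, "A", 112000, 33600, 0, 19200),  # sender refills the freed 33600 bytes
    Seg(0.189, "B", 0, 0, 67200, 112000),      # next ACK, one RTT later
]

def window_full_events(segs, sender="A"):
    """Return [(time, bytes_in_flight)] for data segments that exhaust the peer's window."""
    next_seq = 0   # highest seq + len the sender has put on the wire
    last_ack = 0   # highest ACK seen from the receiver
    rwnd = None    # receiver's most recent advertised window
    events = []
    for s in segs:
        if s.src != sender:
            last_ack = max(last_ack, s.ack)
            rwnd = s.win
        elif s.length > 0:
            next_seq = max(next_seq, s.seq + s.length)
            in_flight = next_seq - last_ack
            if rwnd is not None and in_flight >= rwnd:
                events.append((s.t, in_flight))
    return events

def acked_rate(ack_a, ack_b):
    """Bytes per second actually acknowledged between two receiver ACKs."""
    return (ack_b.ack - ack_a.ack) / (ack_b.t - ack_a.t)

def window_rate(win, rtt):
    """The simple window / RTT estimate, in bytes per second."""
    return win / rtt

if __name__ == "__main__":
    print(window_full_events(TRACE))
    print(round(acked_rate(TRACE[2], TRACE[4])), round(window_rate(112000, 0.094)))
```

On this trace both data segments are flagged with 112000 bytes in flight, and the acknowledged rate comes out near 357 KB/s while window / RTT would predict about 1191 KB/s.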
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
