Both sides of a TCP connection (client / server) maintain a receive buffer, also referred to as a receive window, for incoming data. If the receive buffer becomes full, a Zero Window Condition will occur. When a Zero Window Condition occurs, the host cannot receive any more data. Wireshark has 5 packets that represent this issue:

• Window Full (notes)
• Zero Window (warning)
• Zero Window Probe (notes)
• Zero Window Probe ACK (notes)
• Window Update (chats)

Use the following filters to zero in on these packets:

• tcp.analysis.window_full
• tcp.analysis.zero_window
• tcp.analysis.zero_window_probe
• tcp.analysis.zero_window_probe_ack
• tcp.analysis.window_update

Of Wireshark only has tcp.analysis.window_update packets, neither host should have had a full buffer.