Yes, the scaling factor is contained within the TCP options and is a field that takes up 3 bytes (24 bits). It is used as a multiplier for the 16 bit Window field, in order to be able to get larger values for this field to improve performance of TCP. This was a necessary addition to TCP as data transfer rates increased in speed.
This increase in the window size is a phenomenon that occurs in all TCP transmissions. As data is being sent reliably, and acknowledgements are being received without error, the hosts attempt to increase the amount of data that is to be sent before getting an acknowledgement, thus increasing speed and efficiency of the transfer. This is done until some segments are lost. When this happens, window size is reduced and then increased slowly once again. This whole process is called TCP Slow Start, and is further described in the following lesson:
The algorithm used to determine window size increase is performed the same regardless of the OS, or memory, or resources of the sender. However, the largest window size reached does depend on the system resources of the devices that are communicating.
The window size is something that is defined in each direction. It will only increase if there is a need for it to increase, that is, if there is a demand for higher throughput. If there isn’t it will remain the same. In this instance, it seems that most traffic was taking place from the client to the server, so window size for the direction of traffic was increasing.
Although the window size does depend on things like buffer size, NIC speed, memory, and CPU resources, it is not a measure of the buffer itself. It is a value that is used to regulate the flow, or provide flow control of data. A host may be able to handle more traffic when its CPU is idle, and its memory is free, but at other times, its CPU will be occupied, and the memory will be used up, so the window size at that point will not get as large.
Remember that the window size is the maximum amount of data that can be sent before an acknowledgement is received. This doesn’t mean that ACKs can’t be sent for smaller amounts of data. The window is the maximum, but the OS will often send ACKs before that maximum is reached, simply because it has the resources to do so.
I hope this has been helpful!