Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: [Wireshark-users] Packet Loss Segmentation - TCP Retransmissions

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>
Date: Thu, 1 Oct 2009 12:02:15 -0700

Hello,

 

I have been trying to use the technique to determine packet loss (ingress or egress) based off of TCP retransmissions.

 

I wrote a script that looks at the retransmission SEQ numbers and determines how many retransmitted packets had multiple occurrences of the SEQ, and how many were only seen once.  If the SEQ of the retransmitted packet was seen more than once, then the loss was on the egress side of the measurement point (and conversely for SEQs seen only once).

 

So far with experimentation, I have had varied success and suspect that the detection scheme also depends on factors such as window size, latency, etc.

 

Anyone else have experience or suggestions with this technique?

 

Thanks,

Barry

 

  • Prev by Date: [Wireshark-users] Announcing pcapr Trends
  • Next by Date: Re: [Wireshark-users] How to convert the FR WAN Header to Ethernet ?
  • Previous by thread: [Wireshark-users] Announcing pcapr Trends
  • Next by thread: Re: [Wireshark-users] How to convert the FR WAN Header to Ethernet ?
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation