Ethereal-users: Re: [Ethereal-users] traffic analysis, help please

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Sat, 25 Dec 2004 15:02:24 +1100
Some capture mechanisms and capture file formats can keep track of how
many packets were captured by the kernel/nic but were dropped by the
capture application due to some resource starvation. I.e. packet was
captured but the application was too busy so the packet was dropped.

Dropped Packets indicates how many captures were captured by the nic
but dropped by the capture application while it was busy doing other
things.
Far from all capture mechanisms provide the infrastructure to report
this while one should not rely on it too much.


[TCP Retransmission] indications are a much more reliable mechanism to
detect packet loss.

netstat -s can also provide reasonably useful indications for tcp
retransmission statistics if run on both of the peers in the session.

On Fri, 24 Dec 2004 19:54:26 -0800 (PST), Muzalina Zakaria
<muzalina_zakaria@xxxxxxxxx> wrote:
> When I go to Statistics>Summary after each capture, it always gives me
> Dropped Packets: 0 but I do encounter segment lost and retransmission.  What
> does Dropped Packets really mean?
> 
> 
> ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote: 
> "Previous Segment Lost" means just that: the previous segment was
> missing from the capture.
> 
> Was this segment immediately ACKed by the other side?
> I.e. was there an ACK coming back reasonably soon after this segment
> that ACKed what was marked as the "next sequence number" for the
> "prev segm lost" packet or beyond that number ?
> If so, it is very likely that the packet did go across the wire but
> it was just missing from the capture.
> 
> Or,
> 
> Are there DupACKs and is there sometime later a TCP Retransmission
> with a sequence number that is prior to the one in the "prev segment
> lost" packet?
> If so, the packet was probably lost.
> 
> Or,
> 
> Is there an OutOfOrder segment just immediately after the previous segment
> lost?
> If so it is probably just packet reordering in the network which is normal.
> 
> 
> 
> Keep in mind, packet loss in the network is normal and can not be eliminated.
> In fact due to the way TCP works TCP must deliberately create
> packet loss in order to be able to optimize throughput.
> 
> 
> If only a few packets are missing and retransmitted then this is
> normal and expected.
> This is ethernet and tcp/ip; it is supposed to be lossy.
> 
> 
> 
> 
> On Fri, 24 Dec 2004 06:37:34 -0800, Brian Davidson wrote:
> > Okay, I see that a TCP Packet was lost, but I guess I want a fuller
> > definition of the word "lost". Yes, the packet might actually not be there.
> > Beyond that, how likely is it that the traffic was so heavy on the line that
> > Ethereal did not have resources to capture and save it? I need to know if
> > "TCP Previous Segment Lost" means absolutely that it was missing, rather
> > than "slipped past while Ethereal was busy". Is there some other indicator
> > in the capture file that traffic volume got high enough to affect the
> > ability to record?
> > 
> > I'll next ask this question of Cisco. Any idea what their answer will be?
> > 
> > Thanks, Brian
> > 
> > On Thu, 26 Aug 2004 17:08:24 +1000, ronnie wrote:
> > >
> > > They more than likely mean that you have packet loss somewhere on the
> > > path between the two hosts.
> > >
> > > So that TCP needs to retransmit the packets.
> > > 1, is an indication of TCP retransmitting a previously dropped packet.
> > > 2, is an indication that one or more packets prior to this one in the
> > > sequence number space was lost.
> > >
> > >
> > > On Wed, 25 Aug 2004 11:21:03 -0500, Neil wrote:
> > > > Hey guys,
> > > >
> > > > I'm trying to understand traffic. I am seeing the following in Ethereal. Can
> > > > someone help me understand what those traffic mean?
> > > >
> > > > 1. TCP Retransmission
> > > > 2. TCP Previous Segment Lost
> > > >
> > > > Thanks,
> > > >
> > > > Neil
> > 
> > _______________________________________________
> > Ethereal-users mailing list
> > Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
>
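
The three checks from the quoted reply above (ACKed soon after, DupACKs followed by a retransmission, an out-of-order segment right after the gap), as an added example that is not part of the original thread and is not Ethereal's own analysis code. The field names, the `A`/`B` host labels and both time windows are assumptions, and sequence numbers are treated as relative with no wraparound.

```python
from collections import namedtuple

# One captured segment. src "A" is the data sender, "B" the receiver (assumed labels).
Seg = namedtuple("Seg", "t src seq length ack")

def explain_gap(later, gap_start, gap_end, trigger, ack_window, reorder_window):
    """Apply the three checks to the packets captured after the gap was noticed."""
    trigger_end = trigger.seq + trigger.length
    dupacks = 0
    for p in later:
        age = p.t - trigger.t
        if p.src == "B":
            if p.ack == gap_start:
                dupacks += 1                   # receiver keeps asking for the missing bytes
            elif p.ack >= trigger_end and age <= ack_window:
                return "missing from capture"  # peer ACKed past the gap, so it arrived
        elif p.length and p.seq < gap_end and p.seq + p.length > gap_start:
            if dupacks == 0 and age <= reorder_window:
                return "reordered"             # gap filled right away, no DupACKs seen
            return "lost, retransmitted"       # sender had to send the bytes again
    return "undetermined"

def classify_gaps(segs, ack_window=0.2, reorder_window=0.003):
    """Return [((gap_start, gap_end), verdict)] for each hole in A's byte stream."""
    verdicts, next_seq = [], None
    for i, s in enumerate(segs):
        if s.src != "A" or s.length == 0:
            continue
        if next_seq is not None and s.seq > next_seq:
            verdict = explain_gap(segs[i + 1:], next_seq, s.seq, s,
                                  ack_window, reorder_window)
            verdicts.append(((next_seq, s.seq), verdict))
        end = s.seq + s.length
        next_seq = end if next_seq is None else max(next_seq, end)
    return verdicts

# Constructed sample capture (not from the thread): bytes 101-200 never show up,
# yet B ACKs 301 about 19 ms later, so the segment crossed the wire uncaptured.
SAMPLE = [Seg(0.000, "A", 1, 100, 0), Seg(0.001, "A", 201, 100, 0),
          Seg(0.020, "B", 0, 0, 301)]

if __name__ == "__main__":
    print(classify_gaps(SAMPLE))
```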