Wireshark-users: [Wireshark-users] Retransmissions inconsstent btw. wireshark and netstat
Hi All,
I'm running into a situation where netstat on a Windows XP PC and wireshark are not consistent.
We've been running FTP tests between a Windows XP client workstation and various FTP Servers. When we look at netstat on the client PC, it looks like there are lots of retransmissions. For a 1.5Meg file, I get 1,000 retransmissions, and only about 150 additional packets. I use Wireshark on another PC, connected to a hub that also has the workstation attached. Wireshark appears to capture all the packets, but sees no retransmissions. I've used the Analyze capability to look for retransmissions, fast retransmits, and Dup Ack's, but I get none. I've looked at the sequence #'s on the packets and the acks in the trace, and they all seem to be correct, and none are retransmitted or duplicated. I can use this same Wireshark PC
on other network segments, and retransmissions do show up, so I'm pretty certain my Wireshark is operating correctly.
Has anyone else run into such a situation. where netstat -s reports lots of retransmissions and Wireshark doesn't see them?
