Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Counting the number of duplcate packets

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 4 Sep 2009 17:19:45 -0700

On Sep 4, 2009, at 2:39 PM, Steve Evans wrote:

By duplicate packet, I mean packets with the same seq number in succession.

To what sequence number are you referring? TCP sequence number? 802.11 sequence number? Some other sequence number?

In this context, 7 duplicate packets in succession (retries) = 1 dropped packet.

I display the number of counted packets matching this query by creating some sort of filter that generate the results at the bottom by stating "number of displayed packets". Of course there must be a better way to see the results.

So do you want the number of dropped packets, or the number of duplicate packets?

Again, filters don't count anything, so a filter, by itself, won't suffice; at best, there could be a "duplicate packet" field added to packets that the dissector considers duplicates, and you could filter on that field and see how many packets are displayed, but

	1) that doesn't just give you a count

and

2) that gives you a count of *duplicate* packets, not *dropped* packets.

A tap for whichever protocol has the sequence number in question would probably be the way to get that statistic, but it involves writing code. It might be possible to write the code in Lua, if the version of Wireshark you're using is built with the Lua interpreter.