Hi I am capturing some traffic from multiple 10G interfaces to a laptop connected at 1Gbs. If applied a capture filter to specifically look for the IPs I need to investgate. In my capture files I see a lot of retransmissions, unseen segments and out-of-order segements. Is it possible that wireshark is seeing these due to packets getting lost to to the overload of the 1GBs connection? Thanks asked 20 Sep '13, 00:38  murawai |
One Answer:
Most certainly you have lost frames due to
Your capture setup seems to be kind of under-sized for that kind of environment! You could try to add filters on the aggregating device (n x 10G -> 1G) to limit the amount of traffic. However, that is no guarantee to overrun the 1G link. If the laptop is the source of the problem, the only option is to get a device that is capable to handle a fully utilized 1G link. Regards answered 20 Sep '13, 00:56  Kurt Knochner ♦ edited 20 Sep '13, 01:02 |
Hi - thanks it does sound likely & would make sense for the "TCP ACKed unseen segment" - however just to be sure can you confirm this would also explains why wireshark is seeing so many retransmissions, also out-of-order packets? If it makes sense for all these then thats great, I just did't want to ignore these "errors" if there was no sensible reason. Much appreciate your assistance Cheers
without looking at the capture file neither can I confirm that nor can I decline it. Can you post a small sample capture file somewhere (google docs, dropbox, cloudshark)?