hi i try to check packet loss when i send a file how i can do this how i can the begin and end of file on the stream and how i can know if there is any loss happen and how i can know these packets are concern the same group(file) thanx asked 25 Mar '11, 00:02  flower |
One Answer:
You could isolate the stream using a conversation filter (I usually select one packet of the flow and use the popup menu to go "conversation filter -> tcp"). Then I'd edit the automatically generated filter by enclosing it in brackets and adding " and tcp.analysis.lost_segment". If you see packets after applying it you probably had packet loss. I say "probably" because you might also have had packet drops on capturing the flow, meaning that there was no real loss, you just didn't capture everything. answered 25 Mar '11, 01:28  Jasper ♦♦ showing 5 of 6 show 1 more comments |
how i can edit filter by enclosing it in brackets and where i add tcp.analysis.lost_segment plz can you describe with more details i'm not proffesional in using wireshark
if you use the Conversation Filter popup you should see that a filter is generated in the filter bar right on top of the packet list which is usually empty when you haven't edit. In there you can edit the filter.
ok jasper but when i go to conversation filter from analyze menu i didnit find this option (tcp) i find PN-IO AR and PN-IO AR(with data) is there any solution for this or another way to extract all packets which concern the same file send over communication thanx
You're looking in the wrong place :-)
Select one of the packets of your stream in the packet list (usually the top pane right below the filter input bar). Then right-click and select "Conversation Filter" -> "TCP" from the popup menu, not the main window menu.
thanx jasper i do it but how i isolate certain file packets for example i send an image file to another one and at reciver i want to find the packet loss which concerning only this file suppose if i send alot of files (image, sound, document) how i isolate only the backet loss concerning the image file thanx
What protocol are you using? If you use HTTP or FTP you can use the "find" dialog (Edit -> Find Packet), select "String" and search in Packet List or Details (or even the Packet Bytes). Wireshark will then try to find the filename, jump to the packet, and on that one you use the conversation filter like I described. If your're using HTTP/1.1 you might see multiple file transfers in the isolated flow, so you need to use the request and last image packet as boundaries.