This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

why cascade pilot retransmission count is not like wireshark

0

for specific tcp.stream i use (tcp.stream == 0 and tcp.analysis.retransmit) display filter

in wireshark it displays 129 packet all retransmit and correct ip source and destination

but for same capture file cascade pilot shows that there 210 retransmission packets

how come??

asked 01 Apr '14, 15:45

shady's gravatar image

shady
118813
accept rate: 0%

edited 01 Apr '14, 15:47

One Answer:

0

how come??

maybe due to different filtering in Wireshark and Pilot?

What happens if you Export just TCP stream 0 in Wireshark and then let Wireshark and Pilot analyze the file. Do you still see a difference?

If yes: That needs to be analyzed further.
If no: You probably used different filters in Wireshark and Pilot.

Regards
Kurt

answered 02 Apr '14, 13:28

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

i did what said

i noticed that in pilot analyzer under tcp error tap there (retransmission , dupl ack , lost segment )

there is difference in retransmission and lost segment

but there are the same in dupl ack

i think some thing wrong in filter

(03 Apr '14, 02:35) shady