Is it possible to easily calculate and display e.g. a column that optimally shows the number of bytes of missing data whenever missing data is indicated using SACK? E.g. a server indicates missing data, by sending a packet with ACK 1000 and SLE 1100 and SRE 1400. The original data sent by the client was 1400 bytes. So, in essence I would like to have a column that for the particular packet with SACK used, displays 100 bytes - i.e. the missing amount of traffic. If a column is not possible, is this type of analysis possible using scripting or similar? Reason being is that I see all data being received at the server, but for some reason, the server does not acknowledge it. I'm trying to find the smoking gun and my idea is that for whatever reason there might be a pattern where e.g. the server always "misses" 100 bytes of data. asked 07 Nov '14, 00:17  NJL |
One Answer:
I don't think Wireshark can do this because you can't have columns that calculate stuff for you on the fly. You could try to add a custom column containing the SACK edges and export the packet list to CSV (via the file menu). Then import that file into Excel and have it calculate the missing pieces. I'm not sure though if this can be easily done, because you might have more than one SACK block in the options. answered 07 Nov '14, 12:23  Jasper ♦♦ |
Thanks for the suggestion, but you were right, it's not something that's easily done unfortunately - at least not to be able to cover the full details as you suggest yourself.