This is our old Q&A Site. Please post any new questions and answers at

How does Wireshark know that a packet on the receiver side is being retransmitted? I mean, it makes sense on the sender side: Wireshark sees two identical packets (with the same sequence number) being sent, and so it will mark the second packet as being retransmitted.

Note that I am not talking about two identical packets being received, where TCP will ignore one of them. What I am talking about is when I have only one packet received and Wireshark has marked it as being retransmitted. Is it because, for example, I receive packet 1 and then I receive packet 3, and then when packet 2 arrives, Wireshark will assume that packet 2 is being retransmitted?

asked 27 Jul '15, 08:37

John_857

Wireshark makes an educated guess, based on the delta time of the "old" packet arriving relative to the packet loss: if it follows the gap really quickly, it's marked out of order; otherwise it's called a retransmission.

A retransmission can never be sent before the receiver has notified the sender about the missing segment(s), so a true retransmission cannot arrive earlier than the round trip time. Exceptions are when the sending stack is going crazy for whatever reason, sending retransmissions way too fast.


answered 27 Jul '15, 10:01

Jasper ♦♦

edited 27 Jul '15, 10:03
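
The heuristic described in the answer above, as an added example (not part of the original thread and not Wireshark's own code): a segment that fills a hole sooner than one round trip after the hole became visible is labelled out-of-order, a later one a retransmission. The `Gap` class, `classify` function, label names, trace and 50 ms RTT are constructed for illustration, and sequence-number wraparound is ignored.

```python
from dataclasses import dataclass

@dataclass
class Gap:
    start: int      # first missing sequence number
    end: int        # sequence number just past the hole
    seen_at: float  # capture time at which the hole became visible

def classify(segments, rtt):
    """Label receiver-side (time_s, seq, length) tuples; rtt is an assumed estimate."""
    labels, gaps, highest_end = [], [], None
    for t, seq, length in segments:
        end = seq + length
        if highest_end is None or seq >= highest_end:
            if highest_end is not None and seq > highest_end:
                gaps.append(Gap(highest_end, seq, t))  # hole before this segment
                labels.append("gap-before")
            else:
                labels.append("in-order")
            highest_end = end
            continue
        # Segment lies below the highest sequence number already seen.
        hole = next((g for g in gaps if g.start < end and seq < g.end), None)
        if hole is None:
            labels.append("duplicate")  # this data was already captured once
            continue
        # Too early to be a reaction to loss: reordering. Otherwise: retransmission.
        labels.append("out-of-order" if t - hole.seen_at < rtt else "retransmission")
        gaps.remove(hole)
        if hole.start < seq:            # keep any part of the hole still missing
            gaps.append(Gap(hole.start, seq, hole.seen_at))
        if end < hole.end:
            gaps.append(Gap(end, hole.end, hole.seen_at))
        highest_end = max(highest_end, end)
    return labels

# Constructed receiver-side trace: 1000-byte segments, assumed RTT of 50 ms.
TRACE = [
    (0.000, 1, 1000),     # first segment
    (0.001, 2001, 1000),  # 1001..2000 is missing
    (0.002, 1001, 1000),  # fills the hole 1 ms after it appeared
    (0.003, 3001, 1000),
    (0.004, 5001, 1000),  # 4001..5000 is missing
    (0.005, 6001, 1000),
    (0.080, 4001, 1000),  # fills the hole 76 ms after it appeared
    (0.081, 4001, 1000),  # same data a second time
]
```

Calling `classify(TRACE, rtt=0.050)` returns one label per segment; lowering `rtt` below the 1 ms delay of the third segment flips its label from out-of-order to retransmission.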
