This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Too many retransmission packets defect - ok or bad?

0

Hello,

We got pcaps from our customer in between their application server and Database server. It was noticed that there were too many retransmission packets sent in between them. Is this something to be bothered about or is this normal

tcp.analysis.lost_segment filter too showed lots of segment loss, sent by APP to DB . What does this mean, app is slower or DB is slower.

Since it is customer's pcaps I am not uploading the file but attaching few screenshots without the IPs, the port 50002 belongs to Database and other ports seen in the screenshot belongs to the application.

This is seen almost throughout the trace, and re-transmissions almost every packet alt text

Lost segments - packets sent from App to DB (with tcp.analysis.lost_segment filter) alt text

Lost segments - packets sent from App to DB (with tcp.analysis.lost_segment filter) alt text

Lost segments - packets sent DB to App this time (with tcp.analysis.lost_segment filter) alt text

asked 18 Aug '16, 11:03

AnishFromBangalore's gravatar image

AnishFromBan...
6112
accept rate: 0%

edited 19 Aug '16, 02:54

grahamb's gravatar image

grahamb ♦
19.8k330206


One Answer:

1

Seems, that you have captured all packets twice. Please use:

editcap -d

to remove the double captured packets.

answered 18 Aug '16, 11:44

Christian_R's gravatar image

Christian_R
1.8k2625
accept rate: 16%