Hi, I would like to ask a beginners question, hope someone takes the time... As much as I read a packet is said to be lost if there is no acknowledge packet returned to the sender before the corresponding RTT timer runs out. Now my question is, how it can be detected that a segment is lost and then retansmitted when being on the receiver side. I also found a filter tcp.analysis.retransmission. Would this lead to the same results as tcp.analysis.lost_segment ?? Or do they refer to different transmission directions? Thank you for any help Martin asked 04 Oct '11, 08:14  Mr_M_from_R |
One Answer:
Wireshark marks a segment as lost when there is a gap in the sequence numbers it has seen. So if you have 3 packets and Wireshark sees only packet 1 and 3 it can tell by the gap in the sequence numbers that after packet 1 there should have been packet 2. If it isn't you'll get a "previous segment lost" message for packet 3. Retransmissions are detected by seeing another packet with the same sequence number as a previous packet, or if a packet was lost and issued later. In the case mentioned above you might get a "suspected retransmission" message when packet 2 comes in later. answered 04 Oct '11, 08:27  Jasper ♦♦ edited 04 Oct '11, 08:27 |
