This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Track dropped packetes

0

I have two pcaps taken one at the ingress of the device and the other at the egress. The device seems to be dropping the udp packets. The packets have an identification of all 0s Is there a way I can track what packets are missing in the packets at the output.

asked 03 Mar '12, 22:31

Packet's gravatar image

Packet
1111
accept rate: 0%

One Answer:

0

That depends on the way the device alters the packets.

  • If it just switches the packets at Layer-2, then the frames will be exactly the same on the ingress and the egress port. In this case you can use wireshark to generate a MD5 hash on each packet and compare those.
  • When the packets are routed and or natted, then you can compare the length of the packets and maybe the first couple of bytes from the payload. This will work well when there is no packet re-ordering in the device

answered 04 Mar '12, 03:15

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%