Wireshark-users: [Wireshark-users] TCP Retransmissions

From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>
Date: Tue, 9 Jun 2009 10:51:23 -0700

Hello,

 

I recently saw a tip at Wireshark University site that talked about isolating the location of packet loss based upon some specifics around the retransmission event.

 

I understand the concept that seeing the same packet twice, means that Wireshark used this as the criterion to declare the retransmission and the capture was performed closer to the sender side.

 

The tip goes on to state that if the packet is not seen twice (same SN) near the declared retransmission, then the packet loss was downstream (closer to the receiver) farther away from the capture location.

 

My question is, if it is not due to Triple Dup ACKS, how does Wireshark declare retransmission?  This is the only way I can think of that the loss can be pinpointed in terms of downstream.  In other words, the receiver sends Trip Dup ACKs, and Wireshark declares retransmissions, then the isolation to downstream could be made.

 

Is there another technique that Wireshark uses besides “seeing the same packet twice” or Trip Dup ACKs?

 

Thanks,

Barry

 

Principal Member of Technical Staff

 

JDSU Communication Test (formerly Acterna)

Emerging Markets and Technology Research        

One Milestone Center Court                             

Germantown, MD 20876                                        

(W) 240-404-2227                                               

(C) 301-325-7069