Wireshark-users: Re: [Wireshark-users] Regarding TCP Previous Segment Lost

Date: Tue, 20 Mar 2012 15:58:21 +0000

I have seen something like this before when I was getting the packets for the same conversation back from two different routers. In my case the routers were peers to the box I was on, so the MAC addresses were a dead giveaway between the frames. Assuming this is your issue as well, and depending on your setup, you might see different MAC addresses in your capture, or you might need to go upstream a bit to do the capture.

Hope that helps

tim

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Zachary J. Ziemba
Sent: Tuesday, March 20, 2012 10:44 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Regarding TCP Previous Segment Lost

 

Hi,

 

Can anyone offer a potential scenario that would explain why the highlighted packets are occurring in a stream that they do not appear to correspond to? I’m new to analyzing network traffic and can’t understand why the sequence number would transition in such a way mid-connection. Wireshark lists these packets as Previous Segment Lost/Retransmission but they appear to be unrelated to the connection.

 

Thanks in advance,

 

Zach
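
The check suggested in the reply above (comparing source MAC addresses across the frames of one TCP conversation) can be run over a tshark field export. This is an added example, not part of the original thread; the column order, the function names and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample in the tab-separated layout produced by:
#   tshark -r capture.pcap -Y tcp -T fields -e frame.number -e eth.src \
#          -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport
# All MAC and IP addresses below are made up (documentation ranges).
SAMPLE = """\
1\t00:00:5e:00:53:01\t192.0.2.10\t80\t198.51.100.7\t49152
2\t00:00:5e:00:53:aa\t198.51.100.7\t49152\t192.0.2.10\t80
3\t00:00:5e:00:53:01\t192.0.2.10\t80\t198.51.100.7\t49152
4\t00:00:5e:00:53:02\t192.0.2.10\t80\t198.51.100.7\t49152
5\t00:00:5e:00:53:02\t192.0.2.10\t80\t198.51.100.7\t49152
6\t00:00:5e:00:53:01\t192.0.2.10\t80\t198.51.100.7\t49152
"""


def parse(text):
    """Yield (frame, src_mac, flow); flow is one direction of a TCP conversation."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6 or not all(fields):
            continue  # frames without IPv4/TCP leave fields empty; skip them
        frame, mac, sip, sport, dip, dport = fields
        yield int(frame), mac.lower(), (sip, int(sport), dip, int(dport))


def flows_with_multiple_macs(text):
    """Return {flow: {src_mac: [frame numbers]}} for flows sent by more than one MAC."""
    seen = defaultdict(lambda: defaultdict(list))
    for frame, mac, flow in parse(text):
        seen[flow][mac].append(frame)
    # One direction of a conversation normally reaches the capture point from a
    # single layer-2 neighbour; two or more points to a second forwarding path.
    return {flow: dict(macs) for flow, macs in seen.items() if len(macs) > 1}


if __name__ == "__main__":
    for flow, macs in flows_with_multiple_macs(SAMPLE).items():
        print("%s:%d -> %s:%d arrives from %d layer-2 senders" % (*flow, len(macs)))
        for mac, frames in macs.items():
            print("  %s  frames %s" % (mac, frames))
```

Frames listed under the second MAC are the ones to compare against the packets Wireshark marked as Previous Segment Lost or Retransmission.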