Wireshark-users: Re: [Wireshark-users] Regarding TCP Previous Segment Lost

From: "Zachary J. Ziemba" <zach.ziemba@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 20 Mar 2012 21:06:27 +0000

Hadn’t thought of that until you mentioned it. I checked on it and confirmed that they are coming from the same mac address. I’m actually leaning towards Stuart’s example in another post as to why this is occurring after confirming what you and Scott have suggested. Thanks for the responses, starting to get a handle on it now.

 

-Zach

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Tim.Poth@xxxxxxxxxxx
Sent: Tuesday, March 20, 2012 11:58 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] Regarding TCP Previous Segment Lost

 

I have seen something like this before when I was getting the packets for the same conversation back from two different routers, In my case the routers were peers to the box I was on so the mac addresses were a dead giveaway between the frames. Assuming this is your issue aswell and depending on your setup you might see different mac address in your capture or you might need to go upstream abit to do the capture.

Hope that helps

tim

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Zachary J. Ziemba
Sent: Tuesday, March 20, 2012 10:44 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Regarding TCP Previous Segment Lost

 

Hi,

 

Can anyone offer a potential scenario that would explain why the highlighted packets are occurring in a stream that they do not appear to correspond to? I’m new to analyzing network traffic and can’t understand why the sequence number would transition in such a way mid-connection. Wireshark lists these packets as Previous Segment Lost/Retransmission but they appear to be unrelated to the connection.

 

Thanks in advance,

 

Zach