On Aug 9, 2022, at 10:50 PM, Gayathri R <gayatr@xxxxxxxxx> wrote:
> I wanted to understand how Wireshark reports packet losses in the network.
A packet analyzer detects packet losses *in the network* by inferring from what it sees in a capture that some packets are missing.
The way that's done is protocol-specific.
> The 2 options which I came across,
> 1) Expert Information and
Some Wireshark dissectors may detect packet losses and report them that way.
> 2) dropped packet counter under capture file properties,
That does not report packet losses in the network - it reports packets that *arrived on the host on which Wireshark is running* (so those packets *did*, at least, not get lost on the network between the sending host and the capturing host) but that couldn't be delivered to the application doing packet capturing due to insufficient buffering.
A packet dropped by the packet capture mechanism could make it appear to the packet analyzer as if that packet was lost on the network, but that doesn't mean that it *was* lost on the network.
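
Added example, not part of the original message and not Wireshark's own code: a sketch of the inference described above for one protocol (TCP), where a forward jump in sequence numbers shows that a segment is missing from the capture, and a non-zero capture drop counter makes the cause ambiguous. The `Segment` records, the function names and the sample values are constructed for illustration; sequence numbers are assumed to be relative and not to wrap.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    frame: int    # frame number in the capture file
    seq: int      # relative TCP sequence number of the first payload byte
    length: int   # TCP payload length in bytes

def find_gaps(segments):
    """Return (frame, expected_seq, seen_seq) for each forward jump in the
    sequence space of ONE direction of ONE TCP connection."""
    gaps = []
    next_seq = None
    for s in segments:
        if s.length == 0:
            continue  # pure ACKs carry no data and cannot reveal a gap
        if next_seq is not None and s.seq > next_seq:
            gaps.append((s.frame, next_seq, s.seq))
        end = s.seq + s.length
        next_seq = end if next_seq is None else max(next_seq, end)
    return gaps

def classify(segments, capture_drops):
    """Combine the protocol-level inference with the capture drop counter.

    capture_drops is the number of packets the capture mechanism reports it
    could not deliver to the capturing application (insufficient buffering)."""
    if not find_gaps(segments):
        return "no_gap"
    if capture_drops > 0:
        # The missing bytes may have reached the capturing host and been
        # dropped there, so the gap does not prove loss on the network.
        return "ambiguous"
    # Nothing was dropped by the capture mechanism, so the bytes were missing
    # (or out of order) before they reached the capture point.
    return "missing_before_capture_point"

# Constructed sample: bytes 201..300 never appear in the capture.
SAMPLE = [
    Segment(frame=1, seq=1, length=100),
    Segment(frame=2, seq=101, length=100),
    Segment(frame=3, seq=301, length=100),
    Segment(frame=4, seq=401, length=0),
    Segment(frame=5, seq=401, length=50),
]

if __name__ == "__main__":
    print(find_gaps(SAMPLE))
    print(classify(SAMPLE, capture_drops=0))
    print(classify(SAMPLE, capture_drops=12))
```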