Wireshark Packet Loss – How to Find Packet Loss in Wireshark Network Dump File

packet-losstcpwireshark

I am a beginner in Wireshark, and I would like to find some problems with a TCP connection. Basically, I have some sockets timing out, and I would like to find out if the message (packet) being sent has been lost.

Is Wireshark the right tool for this purpose?

Best Answer

Yes, you can use wireshark (and/or tcpdump) for this.

I would run wireshark on both source and destination hosts, with a capture filter for the traffic you are interested in, and then check if the traffic is actually sent and if the same traffic is received at the other host.

Related Solutions

Measure one-way latency/jitter/packet-loss

One way to do this is ICMP Timestamp, which is milliseconds from midnight UTC. It has the added benefit that you don't necessarily need to control both ends, as long as the far-end is not firewalled, there is good chance it'll work.

However, to have reliable one-way measurements, you need reliably same time in both ends. As ICMP timestamp only have precision of 1ms (which is not nearly enough for many applications, but sufficient for this) it's reasonably easy to find even non-cooperating hosts where ICMP timestamp will provide useful data.

If you control both ends, be sure that you are synchronizing NTP to only 1 server and same server. The absolute clock is not very important, it's just important that you experience as closely same time as possible.

If ICMP timestamp is not sufficient, it's very easy to write 10 lines of ruby/perl/python or even C to do measurements when you control both ends.

I can't really suggest software for doing ICMP timestamp measurements unidirectionally, hping2 supports sending ICMP timestamp but for some reason does not output unidirectional values. I wrote patch for hping2 to display one way latencies.

Network Monitoring – Measuring Per-Link Latency, Jitter, and Packet Loss

On Cisco devices, you can use Cisco IP SLA. You need to first configure and enable it, and then monitor the results.

Steps:

1. ip sla monitor operation-number

2. type echo protocol ipIcmpEcho {destination-ip-address | destination-hostname} [source-ipaddr {ip-address | hostname} | source-interface interface-name]

3. frequency seconds

4. ip sla monitor schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss] [ageout seconds] [recurring]

^{Configuration example took from Cisco: IP SLAs--Analyzing IP Service Levels Using the ICMP Echo Operation.}

Router> enable
Router# configure terminal
Router(config)# ip sla monitor 10
Router(config-sla-monitor)# type echo protocol ipIcmpEcho 172.29.139.134
Router(config-sla-monitor-echo)# frequency 300
Router(config-sla-monitor-echo)# exit
Router(config)# ip sla monitor schedule 10 start-time now life forever

To monitor:

show ip sla monitor statistics

Best Answer

Related Solutions

Measure one-way latency/jitter/packet-loss

Network Monitoring – Measuring Per-Link Latency, Jitter, and Packet Loss

Related Topic