This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

basic question on tcp function

0

Hi,

I would like to ask a beginners question, hope someone takes the time...

As much as I read a packet is said to be lost if there is no acknowledge packet returned to the sender before the corresponding RTT timer runs out. Now my question is, how it can be detected that a segment is lost and then retansmitted when being on the receiver side. I also found a filter tcp.analysis.retransmission. Would this lead to the same results as tcp.analysis.lost_segment ?? Or do they refer to different transmission directions?

Thank you for any help

Martin

asked 04 Oct '11, 08:14

Mr_M_from_R's gravatar image

Mr_M_from_R
1333
accept rate: 0%


One Answer:

2

Wireshark marks a segment as lost when there is a gap in the sequence numbers it has seen. So if you have 3 packets and Wireshark sees only packet 1 and 3 it can tell by the gap in the sequence numbers that after packet 1 there should have been packet 2. If it isn't you'll get a "previous segment lost" message for packet 3.

Retransmissions are detected by seeing another packet with the same sequence number as a previous packet, or if a packet was lost and issued later. In the case mentioned above you might get a "suspected retransmission" message when packet 2 comes in later.

answered 04 Oct '11, 08:27

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 04 Oct '11, 08:27