I often need to troubleshoot packet captures where Wireshark does not have a dissector or the protocol is proprietary. Then the trick is to count packets.

Try this. Filter by UDP stream. If the stream started and ended at the same time, then the packet count will be the same in all the captures.

Filter by UDP stream and source IP address. If the stream started and ended at the same time, then the packet count will be the same in all the captures.

Filter by UDP stream and destination IP address. If the stream started and ended at the same time, then the packet count will be the same in all the captures.

If the UDP stream started and ended at different times, then align all the captures and verify if the count is the same.

Check the IP ID in one direction only and see if they are sequential. That is one pattern to check for packet loss.

Send a response if that doesn't work or you need help on the next step(s).
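
The counting and IP ID checks described in the answer above, as an added example that is not part of the original post: it counts UDP packets per direction in each capture and lists breaks in the IP ID sequence. It assumes classic little-endian pcap files with Ethernet framing and a sender that increments the IP ID by one per packet in the flow; the function names and the two sample captures are constructed for illustration.

```python
import struct
from collections import defaultdict

def udp_packets(pcap):
    """Yield (src, dst, sport, dport, ip_id) per IPv4/UDP frame of a classic LE Ethernet pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected classic little-endian pcap")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from("<I", pcap, off + 8)
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4/UDP, or truncated
        ihl = (frame[14] & 0x0F) * 4
        ip_id, frag = struct.unpack_from("!HH", frame, 18)
        if frag & 0x1FFF or len(frame) < 14 + ihl + 4:
            continue  # later fragments carry no UDP header
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        ip = lambda b: ".".join(map(str, b))
        yield ip(frame[26:30]), ip(frame[30:34]), sport, dport, ip_id

def direction_stats(pcap):
    """Map each direction (src, dst, sport, dport) to (packet count, IP ID gaps)."""
    ids = defaultdict(list)
    for *flow, ip_id in udp_packets(pcap):
        ids[tuple(flow)].append(ip_id)
    stats = {}
    for flow, seq in ids.items():
        # IP ID is 16 bits: compare modulo 65536 so a wrap 65535 -> 0 is not a gap.
        gaps = [(a, b) for a, b in zip(seq, seq[1:]) if (b - a) % 65536 != 1]
        stats[flow] = (len(seq), gaps)
    return stats

# Constructed sample data: Ethernet + IPv4 + UDP frames, checksums left at zero.
def _frame(src, dst, ip_id):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 29, ip_id, 0, 64, 17, 0, bytes(src), bytes(dst))
    udp = struct.pack("!HHHH", 5000, 6000, 9, 0)
    return b"\0" * 12 + b"\x08\x00" + ip + udp + b"x"

def _pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

A, B = (10, 0, 0, 1), (10, 0, 0, 2)
SENDER = _pcap([_frame(A, B, i) for i in (100, 101, 102, 103)])
RECEIVER = _pcap([_frame(A, B, i) for i in (100, 101, 103)])  # ID 102 missing

if __name__ == "__main__":
    for name, cap in (("sender", SENDER), ("receiver", RECEIVER)): print(name, direction_stats(cap))
```

A lower count on the receiver side together with a gap such as `(101, 103)` points at the missing packet. If the sending host shares one IP ID counter across flows or randomizes IDs, gaps alone do not indicate loss.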