Ask Your Question

Revision history [back]

The capture file is from the point of view of the host or the network device where the packet capture occurred.

You did not say if you capture on the client, the server or somewhere in between. In any case, one capture file may or may not show the packet loss. If you captured the packets on the server and see all the packets are present then the loss is probably occurring on the way to the client. This in itself helps you determine the direction of the traffic loss but not where exactly.

One way to troubleshoot is to capture at both the client and server at the same time. Since this is a Wireshark forum and not a network troubleshooting forum let me suggest ways to use Wireshark in your endeavour:

Try to reproduce the issue using ICMP traffic (PING) then check the Expert Info (circle at bottom left of the screen) for "Response not found" or other messages.

Check the Info column and see if Wireshark sees missing queries or replies.

You may want to display only ICMP Echo requests using display filter icmp.type == 8 && icmp.code == 0 and count the number of queries.

You can then display only ICMP Echo replies using display filter icmp.type == 0 && icmp.code == 0 and count the number of replies.

Good luck.