Why doesn't Wireshark Expert Information show TCP re-transmissions?

asked 2019-07-23 19:25:11 +0000

Glenn Varnon gravatar image

updated 2019-07-24 03:31:28 +0000

Guy Harris gravatar image

I have a file that has TCP Retransmissions in it. Yet when I click on "Expert Information", I get only Warnings, Notes and Chat. I look in each of those sections and none of those retransmissions pop up. You'd think that they would.

edit retag flag offensive close merge delete

Comments

Do the frames with retransmissions have a "[SEQ/ACK Analysis]" section in the packet details for TCP, with a "This frame is a (suspected) retransmission" item underneath it?

If not, is the "Analyze TCP sequence numbers" preference for TCP enabled?

Guy Harris gravatar imageGuy Harris ( 2019-07-23 20:09:27 +0000 )edit

Yes, this is what it looks like.

[SEQ/ACK analysis]
    [Bytes in flight: 2]
    [Bytes sent since last PSH flag: 2]
    [TCP Analysis Flags]
        [Expert Info (Note/Sequence): This frame is a (suspected) retransmission]
        [The RTO for th
Glenn Varnon gravatar imageGlenn Varnon ( 2019-07-24 14:15:52 +0000 )edit

Wireshark version?

grahamb gravatar imagegrahamb ( 2019-07-24 15:21:36 +0000 )edit
[Expert Info (Note/Sequence): This frame is a (suspected) retransmission]

But no Note-level expert info shows up for that frame?

It works for me with a recent build from the master branch, if I open a capture with frames flagged as retransmissions and select Analyze > Expert Information. So, as Graham asks, what version are you running?

Guy Harris gravatar imageGuy Harris ( 2019-07-24 17:36:32 +0000 )edit

The version is 3.0.2.

Glenn Varnon gravatar imageGlenn Varnon ( 2019-07-24 18:11:51 +0000 )edit
see more comments