I'm just stumped on how to visualize a TFTP issue I'm having. Overall, the latency is kind of all over the place so just graphing Data and Acks over time isn't cutting it. I really want to be able to quantify Retransmitted blocks (highlighted) and duplicated blocks (1 & 2).
Is this possible with Wireshark?
TFTP: Window Size = 8
Is this a PXE boot? Does it ever recover or once in this state does it fail?
"I really want to be able to quantify Retransmitted blocks (highlighted) and duplicated blocks (1 & 2)." This would be pretty easy with tshark and a shell script - grep, cut, sort, uniq, ....
Example here: https://ask.wireshark.org/question/59...
Here is an example doing it with Powershell: https://ask.wireshark.org/question/30...
Note to self: see RFC7440 - TFTP Windowsize Option (https://tools.ietf.org/html/rfc7440) and use RH/Centos for testing (https://bugzilla.redhat.com/show_bug....)
There is no logic in the TFTP dissector to identify retransmitted blocks (yet). You could write a Lua script to do this analysis, but that is not super-straightforward either.
Since there seems to be a restransmission timer of ~2 seconds (see time delta between frame 370705 and 370706), you could use a filter to display the packets that have an excessive delta time to the previous frame in the UDP conversation. The following filter will display all the TFTP packets that were received after a 1 sec pause in the UDP stream:
tftp and udp.time_delta > 1
Which will in practice show you the first packet of each retransmitted block.
Asked: 2019-10-01 23:56:07 +0000
Seen: 659 times
Last updated: Oct 02 '19
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.