There are some indicators that may help, depending on what the protocols in use are. If you're looking for packet loss in TCP conversations you'll see that Wireshark will mark some packets as "previous segment not captured" followed by "Duplicate ACKs" from the other side, and finally a "retransmission". For UDP or other protocols its not that easy and requires deeper knowledge about how the application protocols work.
I have to add that Wireshark may show "previous segment not captured" messages even when there is no packet loss on the network, so make sure that you look for the other messages as a result as well. Isolating TCP connections is advised to avoid confusing packets from multiple TCP sessions with each other. Easiest is to use "Follow TCP Stream" from the popup menu; more advanced users often use conversation filters instead.
If you enjoy the comfort of being able to capture at both ends of the network path, it is the best option, as when you see a lost packet by the protocol-specific indicator, you can see whether it has not been sent at all or whether it has been lost somewhere along the way.
Agreed with Sindy. If you can capture at multiple points along the network path, this will give you better visibility, enabling you to see not only if something drops, but also help narrow down where it is being dropped.
Also,in my experience, unless you have a network that is regularly up and down (think bad wireless shot in a blizzard) most often, packet loss is attributed to one of the endpoints.
Asked: 2018-01-17 09:21:21 +0000
Seen: 22,345 times
Last updated: Jan 17 '18
