UDP Packet Loss
I am trying to analyze a video streaming application in Wireshark. I can see that it uses UDP for video, audio and data. I'm interested in knowing how to estimate packet loss. How can I do it?
I am trying to analyze a video streaming application in Wireshark. I can see that it uses UDP for video, audio and data. I'm interested in knowing how to estimate packet loss. How can I do it?
I often need to troubleshoot packet captures where Wireshark does not have a dissector or proprietary protocol then the trick is count packets.
Try this. Filter by UDP stream. If the stream, started and ended at the same time then the packet count will be the same in all the captures.
Filter by UDP stream and source IP address. If the stream, started and ended at the same time then the packet count will be the same in all the captures.
Filter by UDP stream and destination IP address. If the stream, started and ended at the same time then the packet count will be the same in all the captures.
If the UDP stream, started and end at different times then align all the captures and verify if the count is the same.
Check the IP ID in one direction only and see if they are sequential. That is one pattern to check for packet loss.
Send a response if that doesn't work or you need help on the next step(s).
It depends. If the stream is encapsulated in a RTP over UDP stream it is very easy. Wireshark has some analysis tools in the Telephony:RTP menu
In the attached I took the sample H.265 over RTP file at https://gitlab.com/wireshark/wireshar... and deleted 3 frames. As you can see the RTP Streams tool shows 4 missing (apparently the sample already has a loss). You can also use the more detailed RTP Stream Analysis tool to show which frames are missing.
If you are sending raw UDP without a RTP encapsulation, I would still expect their to be a sequence number in the payload that you can look for missing frames. You could then write some LUA code to a delta between that sequence number and say that in the previous frame (in the same UDP stream). If the delta wasn't one, than you could flag there being a missing frame (or at least it is out of order)
Thank you for your answer. Appreciate it! It is raw UDP without RTP encapsulation. I am not an advanced Wireshark user. Could I request to kindly explain on how I can do this please "a sequence number in the payload that you can look for missing frames. You could then write some LUA code to a delta between that sequence number and say that in the previous frame (in the same UDP stream). If the delta wasn't one, than you could flag there being a missing frame (or at least it is out of order)"
To detect packet loss, the application being transported over UDP MUST have some sort application specific packet (or sequence) number so that the receiver can not missing packets and take some action.
You must determine where in the packet data this number occurs and then you can write a dissector to process it, i.e. effectively reverse engineering the data format.
Please start posting anonymously - your entry will be published after you log in or create a new account.
Asked: 2021-05-20 23:32:55 +0000
Seen: 5,609 times
Last updated: May 22 '21
Why would I be getting "LEN 1 (Malformed Packet)"... "(Malformed Packet: RTCP)" on UDP Packets
Monitoring UDP data on wireshark shows ARP packet
How do I use the fragment_add_seq_check function in UDP packet reassembly?
Is it possible to use reassembly on non-split packets?
How do I dissect packets if the dissection depends on information from earlier packets?
What is the udp.length display filter actually for?
IO Graph: Plot ICMP response time
How do i export RTP-UDP(UNICAST and MULTICAST Stream to a VLC Playable-file
Broken save and copy function in Statistics/UDP Multicast Streams