I am getting retransmission for each packet in my Wireshark log.
Hi. I am new user of Wireshark. I am getting retransmission for each packet in my Wireshark log. Why every packet is retransmitted ? if it is retransmitted due to Wireshark capture then how to disable this ? does this network has any issue since there is multiple retransmission ??
I uploaded the capture file at below link.
That's a pretty big file. Can you save out a few thousand packets into a smaller file and post a link.
From what I saw, you're capturing duplicates of the packets. (maybe from a span port?)
There is a preference in the frame protocol to generate a MD5 hash for each packet. Compare these to see if the packets are identical.
I checked the pockets are identical.
I have uploaded the 1 MB file. please check and suggest. Does this duplicate packets increase network load ?
https://ftp01.bh.yokogawa.com/message...
Your capture setup is not normal - not only are your specific TCP packets duplicated, you get 18 copies of broadcast/multicast frames.
So I wonder - you are on a mirror port destination, collecting traffic, and you have 18 ports mirrored to this single destination? The unicast is flowing on two of them due to L2 filtering so you see unicast twice (once from each link), but it is an unmanaged infrastructure device so multicast and broadcast is sent to all ports, so you pick up multiple copies. You have 172 and 192 networks all intermingled so actually not really sure what you have going on - typically a vlan is a subnet but you could be mirroring multiple vlans, or doing something else.
Just guessing... probably does not impact unicast communications as it might just be an artifact of the capture system. Please describe your network/capture setup.