

Capture Tips/Tricks

Hello Wireshark community.

I keep getting plagued by a problem where a team keeps reporting issues with failed communication triggering alarms. They will report a 120-second loss even though our monitoring system polling does not. The end user says it's not them. My suspicion is that it is related to the radio link latency introduced at times, but I am not responsible for that equipment. The one responsible keeps putting the issue back on the network, with the only data provided being that there is very little packet loss. I am not seeing any switchport errors and very little packet loss, with an average latency of 129 ms. I cannot install Wireshark on the source system, nor capture at the remote end, due to it being unmanned and the problem being intermittent. I have set up a rolling packet capture on the field firewall to capture data from the datacenter server to the device at the end of the radio link. I know it is not the best, but it is all I can really do.

My goal is to line up the next fault with some packet capture data. I figure I'll look at response time, retransmissions and dup ACKs during the time of the fault. I would appreciate any guidance towards a good analysis strategy and any documentation you've found extremely useful for such a situation.

Thanks in advance.

-E
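An added example, not part of the original post, of one way to do the analysis described above offline: read a rolling pcap from the firewall and list retransmissions, duplicate ACKs, ACK response time per segment and stretches with no traffic at all, so a reported 120-second outage can be lined up against what the firewall actually saw. The addresses, ports and packets are constructed for the example, not from any real capture; the retransmission and duplicate-ACK checks are deliberately simplified versions of what Wireshark's `tcp.analysis.retransmission` and `tcp.analysis.duplicate_ack` flags do, and the file format assumed is plain pcap (not pcapng) with Ethernet/IPv4/TCP frames.

```python
"""Added example (not from the original post): parse a rolling pcap and line up
retransmissions, duplicate ACKs, ACK response time and silent gaps on a timeline.
Assumes pcap (not pcapng) with Ethernet/IPv4/TCP frames; the capture built by
sample_capture() is constructed, not real traffic."""
import struct
from collections import defaultdict

SERVER, DEVICE = "10.0.0.5", "192.168.1.10"   # hypothetical addresses
ACK, SYN, FIN = 0x10, 0x02, 0x01

def ip_bytes(a):
    return bytes(int(x) for x in a.split("."))

def build_pcap(packets):
    """Write a minimal little-endian pcap; each packet is
    (ts, src, dst, sport, dport, seq, ack, flags, payload)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, src, dst, sp, dp, seq, ack, flags, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", sp, dp, seq, ack, 5 << 4, flags, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         ip_bytes(src), ip_bytes(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp   # zero MACs, EtherType IPv4
        sec = int(ts)
        out += struct.pack("<IIII", sec, round((ts - sec) * 1e6), len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Yield (ts, src, dst, sport, dport, seq, ack, flags, payload_len) per TCP packet."""
    endian = "<" if struct.unpack_from("<I", data)[0] == 0xA1B2C3D4 else ">"
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if frame[12:14] != b"\x08\x00":          # not IPv4
            continue
        ip = frame[14:]
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != 6:                            # not TCP
            continue
        tcp = ip[ihl:total]
        sp, dp, seq, ack, off_flags = struct.unpack_from("!HHIIH", tcp)
        doff = (off_flags >> 12) * 4
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        yield sec + usec / 1e6, src, dst, sp, dp, seq, ack, off_flags & 0x1FF, len(tcp) - doff

def analyze(pcap_bytes, gap_threshold=30.0):
    """Simplified retransmission (payload seq seen before on the flow) and duplicate
    ACK (pure ACK repeating the previous ack number) detection, ACK response time
    per segment (Karn's rule: a retransmitted segment yields no sample) and gaps
    of gap_threshold seconds or more with no packets at all."""
    seen = defaultdict(set)        # flow -> payload seq numbers already seen
    pending = defaultdict(dict)    # flow -> {end seq: send ts} awaiting an ACK
    last_ack = {}                  # flow -> ack number of the last pure ACK
    r = {"retransmissions": [], "dup_acks": [], "rtt": [], "gaps": []}
    prev = None
    for ts, src, dst, sp, dp, seq, ack, flags, plen in parse_pcap(pcap_bytes):
        flow, rev = (src, sp, dst, dp), (dst, dp, src, sp)
        if prev is not None and ts - prev >= gap_threshold:
            r["gaps"].append((prev, ts))
        prev = ts
        if plen:
            if seq in seen[flow]:
                r["retransmissions"].append((ts, flow, seq))
                pending[flow].pop(seq + plen, None)   # RTT for this segment is now ambiguous
            else:
                seen[flow].add(seq)
                pending[flow][seq + plen] = ts
        elif flags & ACK and not flags & (SYN | FIN):
            if last_ack.get(flow) == ack:
                r["dup_acks"].append((ts, flow, ack))
            last_ack[flow] = ack
        if flags & ACK:
            for end in [e for e in pending[rev] if e <= ack]:
                r["rtt"].append((ts, rev, ts - pending[rev].pop(end)))
    return r

def sample_capture():
    """Constructed poll/response traffic: one retransmit, one loss on the radio
    hop seen as a duplicate ACK, then ~126 s of silence."""
    s2d = lambda ts, seq, data: (ts, SERVER, DEVICE, 4500, 20000, seq, 5000, ACK, data)
    d2s = lambda ts, ack: (ts, DEVICE, SERVER, 20000, 4500, 5000, ack, ACK, b"")
    poll = b"\x00" * 10
    return build_pcap([
        s2d(0.000, 1000, poll), d2s(0.130, 1010),              # normal poll, ~130 ms RTT
        s2d(1.000, 1010, poll), s2d(2.000, 1010, poll),        # no reply: retransmitted
        d2s(2.135, 1020),
        s2d(3.000, 1020, poll), s2d(3.005, 1030, poll), s2d(3.010, 1040, poll),
        d2s(3.140, 1030), d2s(3.145, 1030),                    # 1030 lost: duplicate ACK
        s2d(3.400, 1030, poll), d2s(3.535, 1050),
        s2d(130.000, 1050, poll), d2s(130.130, 1060),          # nothing at all for ~126 s
    ])

if __name__ == "__main__":
    for kind, items in analyze(sample_capture()).items():
        print(kind, items)
```

To run it on a real file, read the firewall's capture with `open(path, "rb").read()` in place of `sample_capture()`; a pcapng export can be converted first with `editcap -F pcap in.pcapng out.pcap`. The gap list is the first thing to compare against the reported 120-second loss: a gap that the firewall saw too points at the server side of the firewall, while a fault reported with no gap and only rising ACK response times and retransmissions points at the radio hop.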