This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Using Wireshark to troubleshoot a TCP connection?

Is it possible to use Wireshark to troubleshoot a TCP connection? To clarify, I have looked at the FAQ/Wiki but I am overwhelmed by it, and the program doesn't seem very user friendly.

The problem I am encountering is this: I am getting very bad connections to certain players in a P2P game. All players are in Australia, the host has fiber internet, and I am the only one having problems. I have no problems with other players. This leads me to believe there is some kind of routing problem between me and these players specifically, but all tracerts that I have done (including TCP tracerts) are inconclusive (as some hops are not configured to respond to ICMP or TCP requests).

I was hoping that Wireshark might be able to point towards what is causing the problem, for example lots of problematic packets of some kind, or something.

Would anyone happen to know if Wireshark can help, and if yes, how exactly to use it to identify the problem?

asked 13 Feb '17, 08:33

Question

Yes, Wireshark can help troubleshoot these connections. As you've noted, it is an advanced troubleshooting tool though that usually requires a little patience and learning. Before digging in, have you done the basic troubleshooting (opened appropriate ports on your routers, looked at the game's FAQs and support, etc)? Also, if you know their IP addresses, can you ping them with 100 or 1000 packets? Does the ping test show drops or latency spikes?

If none of these yield results then I would move to Wireshark. You can filter on their IP addresses (capture or display filters...syntax is different!) and look for retransmissions, dropped packets, MTU issues, and more. The expert infos section is a great place to start after you've captured. Click on the circle in the bottom-left of the window. This will classify the various levels of detected issues and tell you what they are, how often they occurred, and take you to the packets in question. However, this too requires some knowledge to decipher true problems.

It can be a bit overwhelming at first, but it's a great tool once you get the hang of it! Just being here and asking the question is a great start! If you're looking for a 5-minute quick diagnosis though, this probably isn't for you.

(14 Feb '17, 09:57) csereno
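The per-peer check described in the comment above (filter on the remote addresses, then look at retransmissions and related expert flags) can be scripted once a capture exists. This is an added example, not code from the thread: the function names are hypothetical, the addresses are constructed documentation-range values, and it assumes tshark prints a non-empty value in a `tcp.analysis.*` column only when that flag is set on the packet.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of the export below (not taken from the captures on this page):
#   tshark -r capture.pcapng -Y tcp -T fields -E separator=, -e ip.src -e ip.dst \
#     -e tcp.analysis.retransmission -e tcp.analysis.duplicate_ack -e tcp.analysis.lost_segment
# Assumption: a flag column is empty unless Wireshark set that flag on the packet.
SAMPLE = """\
192.0.2.10,198.51.100.7,,,
192.0.2.10,198.51.100.7,1,,
198.51.100.7,192.0.2.10,,1,
198.51.100.7,192.0.2.10,,1,
192.0.2.10,198.51.100.7,1,,
192.0.2.10,203.0.113.5,,,
203.0.113.5,192.0.2.10,,,
198.51.100.7,192.0.2.10,,,1
"""

FLAGS = ("retransmission", "duplicate_ack", "lost_segment")


def summarize(text, local_ip):
    """Count packets and TCP analysis flags per remote peer of local_ip."""
    stats = defaultdict(lambda: dict.fromkeys(("packets",) + FLAGS, 0))
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 5:
            continue  # skip blank or truncated lines
        src, dst = row[0], row[1]
        if local_ip not in (src, dst):
            continue  # traffic that does not involve this host
        peer = dst if src == local_ip else src
        stats[peer]["packets"] += 1
        for name, value in zip(FLAGS, row[2:5]):
            if value.strip():  # any non-empty value means the flag was set
                stats[peer][name] += 1
    return dict(stats)


def worst_peers(stats, threshold=0.05):
    """Peers whose retransmission share exceeds threshold, worst first."""
    rates = {p: s["retransmission"] / s["packets"] for p, s in stats.items()}
    return sorted((p for p, r in rates.items() if r > threshold),
                  key=lambda p: -rates[p])


if __name__ == "__main__":
    print(worst_peers(summarize(SAMPLE, "192.0.2.10")))
```

A peer that stands out here while others stay near zero matches the "bad to certain hosts only" symptom and narrows which conversations to open in Wireshark.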

@csereno: Yes, but I don't have access to the router (I live at a boarding house type of place). Every search I've tried on the issue has basically hit a dead end as nobody has any clue on what causes it, just some speculation.

I know the hosts' IP addresses and the IPs of the game servers. I've done TCP tracerts to both, but they don't show any obvious packet loss or anything. The only thing in common is that I get really bad connection to certain hosts, all the time. Other players are fine, or mostly fine.

I'm not sure whether I should be doing UDP tracerts as well (if that's even possible).

This is a typical TCP tracert that I did to the game server: http://pastebin.com/GLuuC0TM

The only suspicious thing is the huge spike in latency from hop 4 to 5. I did a more detailed tracert with pingplotter, and it showed that hop 4 also keeps changing to different IPs, but apparently that's normal.

I've done a couple of packet captures, but I don't see anything really obvious. Is there any chance you or someone else can help take a quick look?

The relevant ports are TCP 27023, 27005 and 27015. Not sure if UDP is relevant as well. These packet captures were done when I was trying to connect to a host and was experiencing problems (connection was established but was VERY laggy, consistently laggy, not spiking).

Wireshark capture data:

http://www.mediafire.com/file/1a43o4i3awrcmvu/rhyka.pcapng

http://www.mediafire.com/file/04sr0ictuehlw6j/kelly.pcapng

http://www.mediafire.com/file/cy5x5q0qwccwsak/wireshark.pcapng

(16 Feb '17, 08:02) Question