This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Summary wireshark

0

How to count packet loss in summary wireshark

asked 13 Jul '17, 02:45

wiwiasmara's gravatar image

wiwiasmara
6112
accept rate: 0%

Hardly.

To count lost packets, you first have to know that they should have been there. So you need to compare captures taken at source and destination, or there must be some packet numbering in the received flows you are interested in. So edit your question with more details, and you'll het a more detailed answer.

(13 Jul '17, 03:32) sindy

One Answer:

0

Do you mean, "How does Wireshark determine the number of dropped packets?"

Wireshark is relying on libpcap (or WinPcap) to report this information. Basically, it's the number of packets that were received and would have been placed into the kernel's buffer but which were dropped because the buffer was full, likely due to Wireshark not reading those packets out of the buffer fast enough.

Refer to Guy Harris' explanation here and my answer to this other question over at Stack Overflow, which is also based on Guy's superb explanations. These questions and answers happen to pertain to tcpdump, but Wireshark relies on the same mechanism essentially.

(If you mean something else, then kindly elaborate as sindy indicated.)

answered 13 Jul '17, 14:27

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%