

It's important to know that everything between square brackets is calculated by Wireshark and not directly visible in the TCP headers. One of those things is the fact that a packet is a retransmission or not. This also means that packets will not always be flagged as retransmissions when the first packet isn't seen.

If you're investigating a slowness complaint, and you pull up a pcap in Wireshark that shows hundreds of retransmits happening, where do you start? How do you delve into that to try to decipher what is actually happening to cause that? Are there certain filters or charts you like to use in Wireshark that can streamline the process? Which direction will you see retransmits match? (Assuming unidirectional packet loss) will you see more retransmits from the lossy side to the non-lossy side? Or vice versa? I also remain confused about retransmits in situations where the root cause is packet loss. Like just one dropped or delayed packet results in a literal spray of several retransmits.

I’ve read and watched videos on how tcp sequence and acks work, but when faced in front of a packet capture with many retransmits I often find myself scratching my head anyways thinking “what’s actually going on here?” Sometimes I’ll see stuff like several retransmits in a single burst of time and have to wonder if it’s just spamming.

This seems to be an endlessly complex topic.
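The point that the bracketed flags are computed from what the capture has already seen, not read from the TCP header, is easy to show with a toy analyser. The following is an added example written for this page, not code from the thread or from Wireshark; it uses constructed segments for two hosts called A and B, and its heuristic is deliberately simpler than Wireshark's real one (which also separates fast, spurious and plain retransmissions using ACK state and timing). It flags a data segment as a retransmission when its bytes fall entirely below the highest sequence number already seen in that direction, and a pure ACK as a dup ACK when it repeats the previous ACK number from the same side.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Direction = Tuple[str, str]   # (src host, dst host)


@dataclass
class Segment:
    """Minimal view of one TCP segment as a capture would show it (constructed)."""
    src: str
    dst: str
    seq: int      # relative sequence number of the first payload byte
    ack: int      # relative acknowledgement number
    length: int   # TCP payload bytes (0 for a pure ACK)


def analyse(segments: List[Segment]) -> List[Optional[str]]:
    """Return one analysis flag per segment, or None when nothing is flagged.

    The verdict depends only on segments seen earlier in this capture, which is
    the point about the bracketed [TCP ...] flags: they are not header fields.
    """
    next_seq: Dict[Direction, int] = {}   # highest seq+len seen per direction
    last_ack: Dict[Direction, int] = {}   # ack number of the previous pure ACK
    flags: List[Optional[str]] = []
    for s in segments:
        direction = (s.src, s.dst)
        end = s.seq + s.length
        flag = None
        if s.length > 0:
            if direction in next_seq and end <= next_seq[direction]:
                flag = "retransmission"   # these bytes already went by
            else:
                next_seq[direction] = max(end, next_seq.get(direction, 0))
        else:
            if last_ack.get(direction) == s.ack:
                flag = "dup ack"          # receiver asks again for the same byte
            last_ack[direction] = s.ack
        flags.append(flag)
    return flags


def summarise(segments: List[Segment]) -> Dict[Direction, Dict[str, int]]:
    """Count retransmissions and dup ACKs per direction, to see which side emits which."""
    counts: Dict[Direction, Dict[str, int]] = {}
    for s, flag in zip(segments, analyse(segments)):
        bucket = counts.setdefault((s.src, s.dst), {"retransmission": 0, "dup ack": 0})
        if flag is not None:
            bucket[flag] += 1
    return counts


# Constructed capture taken next to host A. A sends four segments to B; the
# second one (seq 101) is dropped somewhere past the capture point.
FULL_CAPTURE = [
    Segment("A", "B", seq=1,   ack=1, length=100),
    Segment("A", "B", seq=101, ack=1, length=100),   # lost downstream, but captured here
    Segment("A", "B", seq=201, ack=1, length=100),
    Segment("A", "B", seq=301, ack=1, length=100),
    Segment("B", "A", seq=1, ack=101, length=0),     # B acked the first segment
    Segment("B", "A", seq=1, ack=101, length=0),     # got 201, still wants 101
    Segment("B", "A", seq=1, ack=101, length=0),     # got 301, still wants 101
    Segment("A", "B", seq=101, ack=1, length=100),   # A resends the missing bytes
    Segment("B", "A", seq=1, ack=401, length=0),     # everything up to 400 received
]

# Same exchange, but the capture started late: the first A->B segment it sees
# is the resend of seq 101, so there is nothing to compare it against.
LATE_CAPTURE = [
    Segment("A", "B", seq=101, ack=1, length=100),   # really a retransmission
    Segment("B", "A", seq=1, ack=401, length=0),
    Segment("A", "B", seq=401, ack=1, length=100),
]

if __name__ == "__main__":
    for name, cap in (("full capture", FULL_CAPTURE), ("late capture", LATE_CAPTURE)):
        print(name, analyse(cap), summarise(cap))
```

Two things fall out of running it. In the full capture the retransmissions all come from A, the sender on the lossy direction, while the dup ACKs all come from B; in Wireshark the equivalent filters are `tcp.analysis.retransmission` and `tcp.analysis.duplicate_ack`, and filtering on each and looking at the source column is a quick way to tell which direction is losing data. In the late capture the resend of seq 101 is the first segment seen, so it is not flagged at all; whether the original copy of a lost segment even appears depends on where the capture was taken relative to the drop.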
