TCP-based issues
The Expert Infos tab is a pretty good indicator of any problems that occur due to issues with TCP; otherwise, we can also use the display filter, tcp.analysis.flags, to narrow down any TCP issues identified by Wireshark. The following are some commonly faced TCP problems and their respective display filters:
Previous segment not captured (
tcp.analysis.lost_segment)Duplicate ACKs (
tcp.analysis.duplicate_ack)TCP fast retransmissions (
tcp.analysis.fast_retransmission)TCP retransmissions (
tcp.analysis.retransmission)Out-of-order Segments (
tcp.analysis.out_of_order)Zero window (
tcp.analysis.zero_window)
The important points to note are:
Whenever packets are being lost on the network, we will note fast retransmissions and/or retransmissions on the wire. The general rule of thumb is that duplicate ACKs lead to fast retransmissions and expired Request Time-Outs (RTOs) at the sender leads to retransmissions.
Expert Infos window indicating fast retransmissions and retransmissions under...
