Locate the Source of Packet Loss with a Network Analyser
Packet loss is usually difficult to troubleshoot, especially when only armed with open source tools like Wireshark. Sure power users of Wireshark can be extremely effective however for the average user trying to find network issues having specialist tools helps accelerate MTTI (mean time to innocence) or MTTR (mean time to repair) if you have to fix the issue yourself.
There are many possible causes for packet loss and in this example, we are using Capsa Network Analyzer to look into the source of packet loss through expert packet analysis.
Problem Description
When data is transmitting over a data network, one or more packets may fail to reach their destination.
Packet loss can be caused by multiple factors including network congestion, the performance or policy of networking devices, and networking hardware faults.
To simply test the packet loss rate, you can use either ping on your PC/Mac or Colasoft Ping Tool:
Troubleshooting Packet Loss
To monitor network packet loss to thereby monitor the quality of the network, you can use Colasoft Capsa as mentioned above.
There is a Diagnosis View on Capsa which is a type of ‘expert analysis’ to help with pin pointing issues without arduous time spend combing through packets.
The majority of times TCP Retransmission events highlight that there is a strong chance of packet loss on the network (according to the transmission policy based on TCP/IP protocols, the packet will be retransmitted if it is lost).
Double-clicking the TCP Retransmission event brings up:
The detail window highlights the packet(s) of interest and further drilling into this specific event brings up another window to show the decoding information. According to the Sequence number and the Acknowledge number, it is determined that there is packet loss on the network.
Additionally (using a different flow example) from Capsa’s TCP Conversation window packets can be sorted from highest TCP Retransmissions to lowest thereby prioritising the areas of interest and also providing access to the full transaction for further analysis.
Right Clicking on the Flow in question provides a window giving a full bounce diagram and provides insights into a when and where with the retransmissions.
Depending on the capability of the network packet loss to some extent can be inevitable. Understanding what is and isn’t a problem is the key. As in the first example above understanding bad loss (as above with 257 lost packets) to say just a single packet is very important for time sensitive troubleshooting.
Leave a Reply