Analysing Packet Loss

Troubleshoot network issues with Colasoft
Posted by on | Featured | No Comments

Locate the Source of Packet Loss with a Network Analyser

Packet loss is usually difficult to troubleshoot, especially when only armed with open source tools like Wireshark. Sure power users of Wireshark can be extremely effective however for the average user trying to find network issues having specialist tools helps accelerate MTTI (mean time to innocence) or MTTR (mean time to repair) if you have to fix the issue yourself.

There are many possible causes for packet loss and in this example, we are using Capsa Network Analyzer to look into the source of packet loss through expert packet analysis.

Problem Description

When data is transmitting over a data network, one or more packets may fail to reach their destination.

Packet loss can be caused by multiple factors including network congestion, the performance or policy of networking devices, and networking hardware faults.

To simply test the packet loss rate, you can use either ping on your PC/Mac or Colasoft Ping Tool:

Colasoft Ping Tool (Free)

Troubleshooting Packet Loss

To monitor network packet loss to thereby monitor the quality of the network, you can use Colasoft Capsa as mentioned above.

There is a Diagnosis View on Capsa which is a type of ‘expert analysis’ to help with pin pointing issues without arduous time spend combing through packets.

The majority of times TCP Retransmission events highlight that there is a strong chance of packet loss on the network (according to the transmission policy based on TCP/IP protocols, the packet will be retransmitted if it is lost).

Diagnosis Window with TCP Retransmissions

Double-clicking the TCP Retransmission event brings up:

TCP Retransmission Details

The detail window highlights the packet(s) of interest and further drilling into this specific event brings up another window to show the decoding information. According to the Sequence number and the Acknowledge number, it is determined that there is packet loss on the network.

Packet Decode Level

Additionally (using a different flow example) from Capsa’s TCP Conversation window packets can be sorted from highest TCP Retransmissions to lowest thereby prioritising the areas of interest and also providing access to the full transaction for further analysis.

Order by Retransmissions

Right Clicking on the Flow in question provides a window giving a full bounce diagram and provides insights into a when and where with the retransmissions.

Full Bounce Diagram of the Flow

Depending on the capability of the network packet loss to some extent can be inevitable. Understanding what is and isn’t a problem is the key. As in the first example above understanding bad loss (as above with 257 lost packets) to say just a single packet is very important for time sensitive troubleshooting.

Tags: , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.