Wireshark-users: Re: [Wireshark-users] Packet Capture
From: Sake Blok <sake@xxxxxxxxxx>
Date: Tue, 12 Feb 2008 12:06:10 +0100
On Mon, Feb 11, 2008 at 05:44:35PM -0600, Andy Alguire wrote:
> Hello I need help in figuring out this capture. We are seeing 
> network disconnect daily,

What do you mean when you say "network disconnect"? What are the
symptoms?

> primarily at end of day when users are logging out.

Are the users turning off their PC's? Or are they just logging out
from their OS?

> I would really appreciate some help as I have 
> hired professionals to analyze the network and they have come 
> up with nothing. Thanks

Not even an action plan to pinpoint the problem? Shame on them!

> 55868	18793.777250	10.8.72.31	10.8.74.158	TCP	[TCP Previous segment lost] [TCP segment of a reassembled PDU]
> 
> 56005	18846.010073	10.8.72.31	10.8.74.105	TCP	[TCP Previous segment lost] [TCP segment of a reassembled PDU]

These selected packets do not tell much without their context. It
just tells you that there were some packets missing in the capture
file. They could have also been absent on the network or they could
just have not been seen by the capture program.

Cheers,
    Sake