Wireshark-users: Re: [Wireshark-users] Question about "TCP previous segment lost" in LAN
Xu nanxuan wrote:

> I set up a LAN as the test environment, including one FTP server and one
> client and no other net communication resources (so I think it should be
> a "clean" net env.). However, when I download a file from the server,
> there are still lots of packets whose info is "TCP previous segment
> lost".

There is no guarantee that the machine capturing network traffic will
capture every single packet on the network; if packets arrive too fast
for the program capturing the traffic to handle, packets might be dropped.

> 1. What's the reason for this?

Perhaps packets are getting dropped in the capture process.

> 2. I also find an interesting phenomenon: the "TCP previous segment lost"
> packet appears about every 100ms (both the server and client are Windows
> OS).

Perhaps every 100 ms something is happening on the machine doing the
capturing that takes enough CPU time, or disk bandwidth, or network
bandwidth, or..., so that packets are dropped in the capture process.

Are you doing an "Update list of packets in real time" capture with
Wireshark? If not, try not doing so - turning off "Update list of
packets in real time" will significantly reduce the amount of CPU time
and bus bandwidth required by Wireshark while capturing.

Are you using a capture filter that discards as much of the traffic
you're not interested in as possible? If not, try doing so - that'll
reduce the amount of traffic passed to the capture mechanism, so that
the capture mechanism, and Wireshark/TShark/dumpcap, won't have to
handle as much traffic, and might be less likely to drop packets.

What operating system is the host doing the capturing running?

See also the "Packet drops while capturing" section of
http://wiki.wireshark.org/Performance
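
One way to test the capture-drop hypothesis from the reply above against a saved trace, as an added example that is not part of the original thread: a hole in the sender's sequence space that the receiver later ACKs without any retransmission appearing in the capture was delivered on the wire and missed only by the capture host (Wireshark marks such ACKs "TCP ACKed unseen segment"), while a hole later filled by a retransmission points to loss on the network. The function name, the tuple layout and the sample packets are constructed for illustration, and sequence-number wraparound is ignored.

```python
# Added illustration; packet tuples are (time_s, sender, seq, payload_len, ack).
# Constructed sample: an FTP-style bulk transfer from "server" to "client".
SAMPLE = [
    (0.000, "server", 1,    1460, 1),
    (0.001, "server", 1461, 1460, 1),
    # bytes 2921..4380 never appear in the capture
    (0.003, "server", 4381, 1460, 1),     # would be flagged "previous segment lost"
    (0.004, "client", 1,    0,    5841),  # ACK covers the hole, no retransmission seen
    (0.005, "server", 5841, 1460, 1),
    # bytes 7301..8760 never appear in the capture
    (0.007, "server", 8761, 1460, 1),
    (0.008, "client", 1,    0,    7301),  # receiver is still waiting for 7301
    (0.210, "server", 7301, 1460, 1),     # retransmission fills the hole
    (0.211, "client", 1,    0,    10221),
]


def classify_gaps(packets, data_sender="server"):
    """Return [(gap_start, gap_end, verdict)] for holes in the data stream.

    verdict is "capture_drop" (ACKed but never seen), "network_loss"
    (filled by a later retransmission) or "open" (trace ended first).
    """
    highest = None   # highest sequence number seen so far (end of data)
    gaps = {}        # (start, end) -> verdict
    for _t, sender, seq, length, ack in packets:
        if sender == data_sender and length > 0:
            end = seq + length
            if highest is not None and seq > highest:
                gaps[(highest, seq)] = "open"          # hole before this segment
            elif highest is not None and seq < highest:
                # Older data arriving late: a retransmission overlapping a hole.
                for (start, stop), state in gaps.items():
                    if state == "open" and seq < stop and end > start:
                        gaps[(start, stop)] = "network_loss"
            highest = end if highest is None else max(highest, end)
        elif sender != data_sender:
            # A cumulative ACK past an unfilled hole means the receiver got
            # bytes that the capture host never recorded.
            for (start, stop), state in gaps.items():
                if state == "open" and ack >= stop:
                    gaps[(start, stop)] = "capture_drop"
    return [(s, e, v) for (s, e), v in sorted(gaps.items())]


if __name__ == "__main__":
    for start, stop, verdict in classify_gaps(SAMPLE):
        print(f"bytes {start}-{stop - 1}: {verdict}")
```

If most holes come back as `capture_drop`, the fixes suggested in the reply (no real-time list updates, a tighter capture filter) are the place to start rather than the network itself.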