I need to analyze packet loss bursts in TCP streams. Given a number X, a packet loss burst is when more than X consecutive packets got lost. So I have a pcap file and need to count how many bursts there were and what the duration of each was. Tried Tshark but the output is by seconds.

Is there a tool or a script? Should I change Tshark code?

nmnir

1 Answer

How would you know when a packet is lost? Don't you need to compare two packet captures for that? One at the source and a second capture at the destination? Given two capture files, I can imagine doing a diff between them will result in the lost packets. With line numbers included, it should become rather easy to determine whether or not X consecutive packets were lost.

Tommiie
  • tshark/wireshark can calculate loss by counting retransmissions or duplicate ACKs. No need to capture on the source and on the destination. In real life you can capture on the server, not on the clients. – nmnir Sep 13 '18 at 11:06
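
One way to count the bursts described in the question from a single capture, as an added example that is not part of the original question, answer or comment. It assumes retransmission-flagged packets stand in for lost ones (as the comment suggests) and that the input is tab-separated text exported with the tshark command shown in the code comment; the function name, the column layout and the sample rows are constructed for illustration.

```python
from collections import defaultdict

# Assumed input, one row per TCP packet, tab-separated, produced with e.g.:
#   tshark -r capture.pcap -Y tcp -T fields \
#          -e frame.time_epoch -e tcp.stream -e tcp.analysis.retransmission
# Assumption: the third column is non-empty only when the packet is flagged.

def loss_bursts(lines, x):
    """Return {stream: [(start, end, count), ...]} for every run of more
    than x consecutive flagged packets within the same TCP stream."""
    runs = defaultdict(list)    # stream -> timestamps of the run in progress
    bursts = defaultdict(list)

    def close(stream):
        run = runs.pop(stream, [])
        if len(run) > x:        # "more than X consecutive packets"
            bursts[stream].append((run[0], run[-1], len(run)))

    for line in lines:
        cols = line.rstrip("\n").split("\t")
        if len(cols) < 2 or not cols[0] or not cols[1]:
            continue            # skip malformed or non-TCP rows
        ts, stream = float(cols[0]), cols[1]
        if len(cols) > 2 and cols[2].strip():
            runs[stream].append(ts)
        else:
            close(stream)       # an unflagged packet ends this stream's run
    for stream in list(runs):   # runs still open at end of capture
        close(stream)
    return dict(bursts)

# Constructed sample rows: two interleaved streams.
SAMPLE = [
    "10.000\t0\t", "10.010\t0\t1", "10.020\t0\t1",
    "10.030\t1\t",              # other stream: does not break stream 0's run
    "10.050\t0\t1", "10.060\t0\t", "10.070\t0\t1", "10.080\t0\t",
    "11.000\t1\t1", "11.200\t1\t1", "11.400\t1\t1",
]

if __name__ == "__main__":
    for stream, found in loss_bursts(SAMPLE, 2).items():
        for start, end, count in found:
            print(f"stream {stream}: {count} packets, "
                  f"start {start:.3f}, duration {end - start:.3f}s")
```

Runs are tracked per `tcp.stream`, so packets from other connections interleaved in the capture do not split a burst, and each burst's duration is measured between its first and last flagged packet at the capture's own timestamp resolution.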