7

I need to test packet loss for an FTP application. I used the Wireshark packet sniffer, and I got TCP Stream.

How do I find the packet loss using Wireshark?

Peter Mortensen
krishnakumar
  • 1
    Where are you running Wireshark - on the FTP client machine, the FTP server machine, or another machine hanging off the network on a hub? – Vicky Jun 30 '09 at 11:21
  • 1
    This is not programming related, should maybe go on serverfault – Andre Miller Jun 30 '09 at 11:34

2 Answers

6

Packet loss and other related metrics like bit error rate (BER) can be hard or impossible to empirically see by looking at dumps in Wireshark, depending on what layer you're wanting to look at. And a lot of it is highly dependent on what protocols you're using and what software/firmware is implementing it.

I had this exact experience with Wi-Fi routers, for example. I needed to empirically test the BER of a given Wi-Fi link. But it turns out that 802.11 has a TCP-like, CRC-based retransmit system that all occurs at the link layer.

So, for example, you may send a UDP packet from Wi-Fi device A to Wi-Fi device B. In transit, a couple of bits get flipped, device B sees that the CRC is wrong and sends a request for retransmit. The packet gets sent again, and again gets corrupted. On the third try, though, the packet gets through fine.

From this, you would hope to see some kind of packet loss metric, right? Well, unfortunately no. This whole interchange happens below Wireshark. All it sees is a UDP packet get sent successfully, but take three times as long as normal to get there. (I wound up having to make kernel modifications to send out a notice when link layer CRC errors occurred. It was a mess!)

Peter Mortensen
AltF4
-1

[Zr40 points out below that this part is wrong: To expand on my comment - Wireshark does tell you the number of dropped packets in the status bar at the bottom (I just ran a sample capture and it says "Packets: 65 Displayed: 65 Marked: 0 Dropped: 0") but I'm not certain whether you'll get the same results out of it depending on which end you're running it at.]

In which case - I suppose you'd need to run Wireshark at each end and look at the packet statistics (number of packets A->B, B->A) and compare the differences. You can't rely on TCP retries, etc., as this doesn't necessarily mean the packet is lost.

Also, you'll need to set up a capture filter for FTP only unless you want your statistics to be skewed by other stuff like ARPs, DNS lookups, etc.

Vicky
  • 'Dropped' in that context means that Wireshark couldn't capture packets fast enough so some were ignored. – Zr40 Jun 30 '09 at 11:26
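
An added example (not code from either answer) of the two-ended comparison suggested above: it parses a classic pcap saved at each end and reports TCP segments on the FTP control port that the sender's capture recorded more often than the receiver's. It assumes Ethernet/IPv4 captures with no NAT or segmentation offload between the two capture points; the function names, addresses and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

def tcp_segments(pcap: bytes, port: int = 21) -> Counter:
    """Count TCP segments on `port` in a classic little-endian Ethernet pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    seen, off = Counter(), 24                      # skip 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                               # keep IPv4/TCP only
        ihl = (frame[14] & 0x0F) * 4
        if len(frame) < 14 + ihl + 20:
            continue                               # truncated TCP header
        total_len = struct.unpack_from("!H", frame, 16)[0]
        sport, dport, seq = struct.unpack_from("!HHI", frame, 14 + ihl)
        payload_len = total_len - ihl - (frame[14 + ihl + 12] >> 4) * 4
        if port in (sport, dport):
            key = (frame[26:30], frame[30:34], sport, dport, seq, payload_len)
            seen[key] += 1
    return seen

def lost(capture_at_src: bytes, capture_at_dst: bytes, src_ip: str, port: int = 21) -> Counter:
    """Segments sent by src_ip that the far-end capture saw fewer times (or never)."""
    src = bytes(int(octet) for octet in src_ip.split("."))
    sent = Counter({k: n for k, n in tcp_segments(capture_at_src, port).items() if k[0] == src})
    return sent - tcp_segments(capture_at_dst, port)   # Counter '-' keeps positive counts only

# --- constructed sample data (not from a real capture) ---
def _frame(src, dst, sport, dport, seq, payload):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
def _pcap(frames):
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

A, B = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])     # client, server
user = _frame(A, B, 40000, 21, 1000, b"USER demo\r\n")
pwd = _frame(A, B, 40000, 21, 1011, b"PASS demo\r\n")
reply = _frame(B, A, 21, 40000, 5000, b"331 Password required\r\n")
CLIENT_PCAP = _pcap([user, reply, pwd, pwd])   # client retransmitted PASS
SERVER_PCAP = _pcap([user, reply, pwd])        # server saw PASS only once
if __name__ == "__main__":
    for key, n in lost(CLIENT_PCAP, SERVER_PCAP, "192.0.2.10").items():
        print(f"client->server seq={key[4]} len={key[5]} missing {n}x")
```

FTP data connections use a different port from the control channel (20 in active mode, a negotiated port in passive mode), so pass that port as `port` to check the file transfer itself.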