Thursday, June 11, 2020

How do you diagnose retransmits in a pcap?

This seems to be an endlessly complex topic. I’ve read about, and watched videos on, how TCP sequence numbers and ACKs work, but when faced with a packet capture containing many retransmits I often find myself scratching my head anyway, thinking “what’s actually going on here?” Sometimes I’ll see things like several retransmits in a single burst of time and have to wonder if it’s just spamming; it’s as if just one dropped or delayed packet results in a literal spray of several retransmits.

I also remain confused about retransmits in situations where the root cause is packet loss. In which direction will you see the retransmits? Assuming unidirectional packet loss, will you see more retransmits from the lossy side to the non-lossy side, or vice versa?

If you’re investigating a slowness complaint and pull up a pcap in Wireshark that shows hundreds of retransmits happening, where do you start? How do you delve into that to decipher what is actually happening to cause it?

Are there certain filters or charts you like to use in Wireshark that can streamline the process?

Thanks for any advice you can give.
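The following is an added example, not code from the original post or from Wireshark. It imitates, in simplified form, the sequence/ACK bookkeeping behind the labels Wireshark's TCP analysis attaches to segments (retransmission, fast retransmission, spurious retransmission, "previous segment not captured", dup ACK), and runs it over three constructed traces of the same kind of exchange: a data loss seen from the sender's side of the capture, the same loss seen from the receiver's side, and a loss of an ACK. The hosts, ports, sequence numbers and timings are made up, and the classification rules are a deliberate simplification (Wireshark also uses timing, e.g. to tell out-of-order from retransmission, which this does not).

```python
"""Toy TCP retransmission classifier over constructed packet records.

Added example, not code from the original post. Endpoints, sequence
numbers and timings are made up; the rules are a simplified imitation
of Wireshark's TCP analysis, not its actual algorithm.
"""
from collections import namedtuple

# One captured segment: time, endpoints, seq, ack and payload length in bytes.
Pkt = namedtuple("Pkt", "t src dst seq ack plen")


def analyze(pkts):
    """Label every packet in capture order. Returns a list of (Pkt, label)."""
    next_seq = {}   # (src, dst) -> next sequence number we expect in that direction
    last_ack = {}   # (src, dst) -> last ACK number that side sent
    dup_acks = {}   # (src, dst) -> run of consecutive duplicate ACKs from that side
    holes = {}      # (src, dst) -> set of (start, end) byte ranges never captured
    out = []
    for p in pkts:
        d, rev = (p.src, p.dst), (p.dst, p.src)
        if p.plen == 0:
            # Pure ACK: count duplicates so a later retransmit can be tied to them.
            if last_ack.get(d) == p.ack:
                dup_acks[d] = dup_acks.get(d, 0) + 1
                label = "dup ack #%d" % dup_acks[d]
            else:
                dup_acks[d] = 0
                label = "ack"
            last_ack[d] = p.ack
        else:
            exp, end = next_seq.get(d), p.seq + p.plen
            if exp is None or p.seq == exp:
                label = "ok"
                next_seq[d] = end
            elif p.seq > exp:
                # Bytes between exp and p.seq never reached the sniffer: the loss
                # happened upstream of the capture point.
                holes.setdefault(d, set()).add((exp, p.seq))
                label = "previous segment not captured"
                next_seq[d] = end
            else:
                # seq below next expected: this byte range was already seen.
                in_hole = any(s <= p.seq < e for s, e in holes.get(d, ()))
                if last_ack.get(rev, 0) >= end:
                    label = "spurious retransmission"   # peer had already acked it
                elif dup_acks.get(rev, 0) >= 2 and last_ack.get(rev) == p.seq:
                    label = "fast retransmission"       # answers the peer's dup ACKs
                elif in_hole:
                    label = "retransmission (fills hole)"
                else:
                    label = "retransmission"
                holes[d] = {h for h in holes.get(d, ()) if not (h[0] <= p.seq < h[1])}
                next_seq[d] = max(exp, end)
        out.append((p, label))
    return out


def count_retransmits(results):
    """Per-direction count of packets labelled as some kind of retransmission."""
    counts = {}
    for p, label in results:
        if "retransmission" in label:
            counts[(p.src, p.dst)] = counts.get((p.src, p.dst), 0) + 1
    return counts


S, C = "10.0.0.2:443", "10.0.0.1:51000"   # constructed server and client

# Scenario A, sniffer on the server: segment 1001 is lost on its way to the client.
SERVER_SIDE = [
    Pkt(0.000, S, C, 1, 1, 1000),
    Pkt(0.001, S, C, 1001, 1, 1000),   # lost downstream of the capture point
    Pkt(0.002, S, C, 2001, 1, 1000),
    Pkt(0.003, S, C, 3001, 1, 1000),
    Pkt(0.004, S, C, 4001, 1, 1000),
    Pkt(0.020, C, S, 1, 1001, 0),      # client acks the first segment
    Pkt(0.022, C, S, 1, 1001, 0),      # dup ACKs: client keeps asking for 1001
    Pkt(0.023, C, S, 1, 1001, 0),
    Pkt(0.024, C, S, 1, 1001, 0),
    Pkt(0.025, S, C, 1001, 1, 1000),   # server fast-retransmits the missing one
    Pkt(0.045, C, S, 1, 5001, 0),
]

# Scenario B, sniffer on the client: same exchange, the lost segment never appears.
CLIENT_SIDE = [p for p in SERVER_SIDE if p.t != 0.001]

# Scenario C, sniffer on the client, loss in the ACK direction: the client's ACK
# is lost, the server's RTO fires and it resends data the client already has.
ACK_LOSS = [
    Pkt(0.000, S, C, 1, 1, 1000),
    Pkt(0.001, S, C, 1001, 1, 1000),
    Pkt(0.020, C, S, 1, 2001, 0),      # this ACK is lost downstream of the sniffer
    Pkt(0.300, S, C, 1, 1, 1000),      # RTO: both segments come again
    Pkt(0.301, S, C, 1001, 1, 1000),
    Pkt(0.320, C, S, 1, 2001, 0),
]

if __name__ == "__main__":
    for name, trace in (("server", SERVER_SIDE), ("client", CLIENT_SIDE), ("ackloss", ACK_LOSS)):
        res = analyze(trace)
        print(name, count_retransmits(res))
        for p, label in res:
            print("  %.3f %s > %s seq=%d len=%d  %s" % (p.t, p.src, p.dst, p.seq, p.plen, label))
```

Two things the three traces show. First, a retransmission is always sent by the side that owns the data, so it appears in the direction the data flows whichever direction actually lost packets: data loss (A, B) and ACK loss (C) both produce retransmits from the server to the client, and the way to tell them apart is the dup ACKs in A and B versus the already-acknowledged, hence spurious, segments in C. Second, the capture point changes the labels: the same loss yields a plain fast retransmission when sniffing at the sender (A), but "previous segment not captured" followed by the retransmission when sniffing at the receiver (B), so that label tells you the loss happened upstream of the sniffer. In Wireshark the corresponding display filters are `tcp.analysis.retransmission`, `tcp.analysis.fast_retransmission`, `tcp.analysis.spurious_retransmission`, `tcp.analysis.lost_segment` and `tcp.analysis.duplicate_ack` (or `tcp.analysis.flags` for all of them at once), and Statistics > TCP Stream Graphs > Time Sequence (tcptrace) on a single stream makes the holes and retransmits visible as a picture rather than a list.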
