Wireshark-users: Re: [Wireshark-users] Detect packet loss with tshark.
      
      
On Mar 2, 2009, at 5:01 PM, H Aslam wrote:

> I've got tshark up and running on an embedded Linux.
> How can I best detect packet loss with tshark?

That depends on the type of packet loss you're trying to detect.

> If I intentionally make some packet loss in a video stream I have to
> detect them somehow.

Is there some form of sequence number in the video stream - whether in
the video packets or in packets at a layer above it, such as the
transport layer - so that packet N in the stream is supposed to be
followed by packet N+1 (or, if the transport is TCP and the
higher-level video stream is assuming the transport is reliable and
doesn't provide its own sequencing, the packet with bytes [M, N) is
followed by a packet with bytes [N, O))?

If so, then if TShark's dissector for the protocol in question keeps
track of the packet sequence numbers that it's seen, it could report
packet loss to a tap, although if packets can arrive out of order
that's a bit more complicated (i.e., in that case, seeing a gap in the
sequence numbers doesn't necessarily mean packet loss).

Note that this doesn't handle the case where the packet *capture*
mechanism drops packets; unfortunately, libpcap has no provision for
putting capture-mechanism packet drop indications into the packet
sequence, so Wireshark currently can't say "oops, I dropped some
packets here, so I might indicate packet loss when *I'm* the one who
lost the packets, not the network or the application".
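
The sequence-number gap check discussed in this message, as an added example that is not part of the original post and is not Wireshark code. It assumes one sequence number per line, as produced by something like `tshark -T fields -e <sequence field>`, a 16-bit wrapping counter, and a reordering window of 3 packets; the function names and the sample data are constructed for illustration.

```python
MOD = 1 << 16   # assumption: 16-bit wrapping sequence counter
WINDOW = 3      # assumption: a gap still open after 3 later packets is a loss

# Constructed sample: 65535 arrives late, 2 never arrives, 4 is repeated.
# The blank line stands for a packet that did not carry the field.
SAMPLE = "65533\n65534\n0\n65535\n\n1\n3\n4\n5\n6\n4\n"


def parse_field_lines(text):
    """Turn one-number-per-line field output into ints, skipping blank lines."""
    return [int(line) for line in text.splitlines() if line.strip()]


def detect_loss(seqs, window=WINDOW, mod=MOD):
    """Classify sequence numbers given in arrival order.

    A gap is only reported as lost once `window` further packets have
    arrived without filling it, so simple reordering is not counted as loss.
    Drops inside the capture mechanism look identical to network loss here.
    """
    lost, reordered, stale = [], [], []
    pending = {}        # missing seq -> packets seen since the gap opened
    expected = None
    for seq in seqs:
        filled = pending.pop(seq, None) is not None
        for missing in list(pending):       # every arrival ages open gaps
            pending[missing] += 1
            if pending[missing] >= window:
                del pending[missing]
                lost.append(missing)
        if filled:
            reordered.append(seq)           # late, but it did arrive
        elif expected is None or (seq - expected) % mod < mod // 2:
            if expected is not None:        # jumped ahead: open a gap
                for k in range((seq - expected) % mod):
                    pending[(expected + k) % mod] = 0
            expected = (seq + 1) % mod
        else:
            stale.append(seq)               # duplicate, or later than window
    return {"lost": lost, "reordered": reordered,
            "stale": stale, "unresolved": list(pending)}


if __name__ == "__main__":
    print(detect_loss(parse_field_lines(SAMPLE)))
```

Gaps still open when the input ends are returned as `unresolved` rather than `lost`, since fewer than `window` packets followed them.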