Wireshark TCP sequence analysis

Wireshark has a built-in filter, tcp.analysys.flags, that will show you packets that have some kind of expert message from Wireshark; tcp.analysis.flags is shown in the TCP section of the Packet Details pane. Under that, expand SEQ/ACK analysis then expand TCP Analysis Flags. This will tell you exactly what triggered tcp.analysis.flags. A few examples include:

TCP Retransmission
TCP Fast Retransmission
TCP DupACK
TCP ZeroWindow
TCP ZeroWindowProbe

TCP retransmission

TCP makes the transmission of segments reliable via sequence number and acknowledgement. When TCP transmits a segment containing data, it puts a copy on a retransmission queue and starts a timer; when the acknowledgment for that data is received, the segment ...

Get Packet Analysis with Wireshark now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Packet Analysis with Wireshark by Anish Nath

Wireshark TCP sequence analysis

TCP retransmission

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly