Wireshark mailing list archives
Re: Wireshark RTP Stream - Packet Lost in Neg value over the WAN
From: Farooq Razzaque <farooq_mcp () hotmail com>
Date: Mon, 26 Sep 2011 17:36:29 +0500
Dear Lars Really thanks for your support. Can u please let me know that is this the wireshark or RTP behaviour of showing the duplicate packets in negative value
From: lars.ruoff () alcatel-lucent com To: wireshark-users () wireshark org Date: Mon, 26 Sep 2011 13:56:49 +0200 Subject: Re: [Wireshark-users] Wireshark RTP Stream - Packet Lost in Neg value over the WAN Farooq, (I put this back on the list if you don't mind, so others can comment and it gets archived.) In reality, there were only 1744/4 = 436 unique RTP packets sent between the endpoints. But Wireshark captured each packet 4 times. (Note that your packet counts are always multiples of 4) Each duplicate packet (packet with same RTP sequence number) gives rise to a lost count of -1. Thus from the 1744, 436 were unique, the remaing 3/4 i.e. 1308 are duplicate. Thus a lost count of -1308, corresponding to -300% of the 100% unique packets. Hope this is clear. regards, Lars ________________________________ From: Farooq Razzaque [mailto:farooq_mcp () hotmail com] Sent: lundi 26 septembre 2011 12:21 To: jaap.keuter () xs4all nl; RUOFF, LARS (LARS)** CTR ** Subject: RE: [Wireshark-users] Wireshark RTP Stream - Packet Lost in Neg value over the WAN Dear Lars/Jaap Thanks for your support. we are SPANing the data on cisco switch and forwarding to Alcatel and Cisco recording machine. monitor session 2 source interface x monitor session2 destination interface x. Can u please let me know how the following can be seen by analysis engine by 4 times. how it is calculate Number of packet = 1744 Lost -1308 (-300) <http://www.flamingtext.com/hmail.html>From: lars.ruoff () alcatel-lucent com To: wireshark-users () wireshark org Date: Mon, 26 Sep 2011 09:44:30 +0200 Subject: Re: [Wireshark-users] Wireshark RTP Stream - Packet Lost in Neg value over the WAN Hi, No, since you (almost) consistently have -300% all the time, it is most likely that every packet has been seen exactly 4 times by the analysis engine, but no packets have been lost. (It is an artefact of the RFC3550 lost packets algorithm that duplicate packets are counted as negative losses) However, as Jaap noted, in order to get more readable data, you should fix your capture setup issue which makes you see every packet multiple times. Regards, Lars ________________________________ From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Farooq Razzaque Sent: same! di 24 septembre 2011 19:04 To: wireshark-users () wireshark org Subject: [Wireshark-users] Wireshark RTP Stream - Packet Lost in Neg value over the WAN Dear All Can u have a look at the attached screen shot of wireshark. In LOST COLUMN it is showing 300% , -299.7% pack lost. Do u have any idea that are these packet loss is normal/abnormal. IP phones ( 172.20.24.x) are located in one branch and Recording machine (172.20.19.17) is located in other branch. SPANing is happing over the WAN via L2TPV3. IP Phones : 172.20.24.X (IP Phone) 172.20.19.17 (Recording machine) ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-use! rs () wireshark org> Archives: http://www.wireshark.org/lists/ wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Wireshark RTP Stream - Packet Lost in Neg value over the WAN Farooq Razzaque (Sep 24)
- Re: Wireshark RTP Stream - Packet Lost in Neg value over the WAN Jaap Keuter (Sep 24)
- Re: Wireshark RTP Stream - Packet Lost in Neg value over the WAN Farooq Razzaque (Sep 25)
- Re: Wireshark RTP Stream - Packet Lost in Neg value over the WAN RUOFF, LARS (LARS)** CTR ** (Sep 26)
- Message not available
- Re: Wireshark RTP Stream - Packet Lost in Neg value over the WAN RUOFF, LARS (LARS)** CTR ** (Sep 26)
- Re: Wireshark RTP Stream - Packet Lost in Neg value over the WAN Farooq Razzaque (Sep 26)
- Re: Wireshark RTP Stream - Packet Lost in Neg value over the WAN RUOFF, LARS (LARS)** CTR ** (Sep 26)
- Message not available
- Re: Wireshark RTP Stream - Packet Lost in Neg value over the WAN Farooq Razzaque (Sep 26)
- Re: Wireshark RTP Stream - Packet Lost in Neg value over the WAN RUOFF, LARS (LARS)** CTR ** (Sep 27)
- Message not available
- Re: Wireshark RTP Stream - Packet Lost in Neg value over the WAN Jaap Keuter (Sep 24)