How to identify packets that have been lost due to congestion, corruption, timeout and are being re-transmitted using Ethernet/IP/TCP headers?

Nov 30, 2013 at 8:37 PM

Using the sample program in the site I am able to sniff packets travelling to and from my localhost on tcp port 80.
Now when I am opening a website I am able to clearly see the 3-way TCP handshake happening (which is very exciting :) ).
What I want to do next is identify packets that were lost due to congestion/corruption/timeout in the network and are being re-transmitted. Is there a way to do this in the pcap program?

What I did was filter packets in my program using the conditions :
if (tcp.IsCongestionWindowReduced == true) - to get packets lost and being re-transmitted due to congestion

ip.IsHeaderChecksumCorrect == false || ip.IsTransportChecksumCorrect == false - to get packets lost and being re-transmitted due to packet corruption

Is this correct?
Also how to identify packets lost due to timeout?

Dec 6, 2013 at 10:06 AM
How did you sniff the packets from your localhost on TCP port 80? Could you please share the code with me? I tried to do it, but it does not work in my sample.

Dec 21, 2013 at 7:05 AM
Hi dgpshiva,

I think it's better if you look at a capture file in Wireshark and decide how to identify the packets you want to identify.
After you have a definition of what packets you want to identify, it's easier to come up with a way to do it using Pcap.Net.
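
One possible definition to start from, as an added example that is not part of the original thread or of Pcap.Net: TCP has no header flag that marks a retransmission, so this example flags a segment whose sequence number falls below the highest sequence number already seen on the same directional flow (loss by congestion, corruption or timeout all look the same on the wire). The class and method names are hypothetical, the arguments are assumed to be filled from Pcap.Net's `IpV4Datagram.Source`/`Destination` and `TcpDatagram.SourcePort`, `DestinationPort`, `SequenceNumber`, `PayloadLength`, `IsSynchronize` and `IsFin`, and the segments in `Main` are constructed.

```csharp
using System;
using System.Collections.Generic;

// Added example (hypothetical names): flags TCP segments that re-send sequence
// space already seen on the same directional flow.
public sealed class RetransmissionDetector
{
    // Highest "next sequence number" observed so far, per directional flow.
    private readonly Dictionary<string, uint> _highestNext = new Dictionary<string, uint>();

    // Serial-number comparison, so the check survives 32-bit sequence wrap-around.
    private static bool SeqLessThan(uint a, uint b) => unchecked((int)(a - b)) < 0;

    public bool IsRetransmission(string source, ushort sourcePort, string destination,
        ushort destinationPort, uint seq, int payloadLength, bool syn, bool fin)
    {
        // SYN and FIN each consume one sequence number; a pure ACK consumes none.
        uint consumed = (uint)payloadLength + (syn ? 1u : 0u) + (fin ? 1u : 0u);
        if (consumed == 0) return false;

        string flow = source + ":" + sourcePort + ">" + destination + ":" + destinationPort;
        uint next = unchecked(seq + consumed);

        uint highest;
        if (!_highestNext.TryGetValue(flow, out highest))
        {
            _highestNext[flow] = next;   // first segment seen on this flow
            return false;
        }
        bool resent = SeqLessThan(seq, highest);   // starts inside data already sent
        if (SeqLessThan(highest, next)) _highestNext[flow] = next;
        return resent;
    }

    public static void Main()
    {
        var detector = new RetransmissionDetector();
        // Constructed segments: sequence number, payload length, SYN flag.
        var segments = new[] {
            new { Seq = 1000u, Len = 0, Syn = true },     // SYN
            new { Seq = 1001u, Len = 100, Syn = false },  // new data
            new { Seq = 1101u, Len = 100, Syn = false },  // new data
            new { Seq = 1001u, Len = 100, Syn = false },  // same bytes sent again
        };
        foreach (var s in segments)
            Console.WriteLine("seq={0} len={1} retransmission={2}", s.Seq, s.Len,
                detector.IsRetransmission("10.0.0.1", 50000, "10.0.0.2", 80, s.Seq, s.Len, s.Syn, false));
    }
}
```

Segments delivered out of order and keep-alive probes also reuse old sequence numbers, so this check reports them as retransmissions too; telling them apart needs packet timestamps in addition to the headers.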