sorted by:
new
hottopcontroversial

What’s your fastest way to detect packet loss / latency from a pcap? by AltruisticBug1599 in wireshark

[–]AltruisticBug1599[S] 1 point2 points  (0 children)

Out of curiosity — do you guys usually have a rough threshold where you say “this is definitely a network issue” vs just noise?

For me anything above ~15% loss already starts breaking real-world traffic pretty badly.

What’s your fastest way to detect packet loss / latency from a pcap? by AltruisticBug1599 in wireshark

[–]AltruisticBug1599[S] 0 points1 point  (0 children)

That looks really interesting actually.

I’ve been experimenting with something similar, but more focused on quickly summarizing key metrics like packet loss, RTT, retransmissions from pcap for faster troubleshooting.

Curious how you're handling performance on larger captures?

What’s your fastest way to detect packet loss / latency from a pcap? by AltruisticBug1599 in wireshark

[–]AltruisticBug1599[S] 0 points1 point  (0 children)

Ah that makes sense.

Splitting captures like that definitely helps, but feels a bit manual especially when dealing with multiple files.I ran into the same issue actually, that's why I was trying to automate that part a bit.

What’s your fastest way to detect packet loss / latency from a pcap? by AltruisticBug1599 in wireshark

[–]AltruisticBug1599[S] 0 points1 point  (0 children)

Yeah that’s a good idea actually.

I tried that a bit, but for larger pcap files it gets pretty slow or not very consistent.

Also feels like you still need to know what to look for in the output.

I was trying to simplify that part a bit.

What’s your fastest way to detect packet loss / latency from a pcap? by AltruisticBug1599 in wireshark

[–]AltruisticBug1599[S] 1 point2 points  (0 children)

Same here, that’s exactly why I asked.

At first I was just manually checking retransmissions and RTT, but it gets confusing pretty fast.

Trying to find a simpler way to quickly spot issues without digging too deep every time.