February 2019
This post is based on a question on wireshark.org and all credit goes there to Kurt Knochner. I just thought it would be nice to test it.
So I launched Wireshark and tried to connect to 18.104.22.168 port 80, which I know won't reply. If you use “tcp.flags eq 0x02” as the display filter, it will show only the packets with only the SYN flag set. In this case it is easy to see the retransmission, but what if you had thousands of packets to check?
The recommended way to identify these packets is to go to Statistics, Conversations, select the TCP tab, tick the “Limit to display filter” box at the bottom, and sort by packets.
You see in the first row I have 3 packets; this is due to retransmissions, and indicates that I sent a SYN and didn't get a SYN-ACK. In reality this can be a server issue, a firewall issue, or even a bad connection issue.
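The same per-conversation count can be scripted for large captures. This is an added example, not part of the original post or the wireshark.org answer: it goes one step beyond the SYN-only filter by also reading SYN-ACKs, so that only handshakes with no reply are reported. The sample rows, addresses and the function name `unanswered_syns` are constructed for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10

# Constructed sample: tab-separated src, sport, dst, dport, tcp.flags, in the
# layout printed by:
#   tshark -r capture.pcap -Y "tcp.flags.syn == 1" -T fields \
#     -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e tcp.flags
SAMPLE = (
    "192.0.2.10\t50001\t198.51.100.7\t80\t0x0002\n"   # SYN
    "192.0.2.10\t50001\t198.51.100.7\t80\t0x0002\n"   # SYN retransmission
    "192.0.2.10\t50001\t198.51.100.7\t80\t0x0002\n"   # SYN retransmission
    "192.0.2.10\t50002\t203.0.113.5\t443\t0x0002\n"   # SYN
    "203.0.113.5\t443\t192.0.2.10\t50002\t0x0012\n"   # SYN-ACK (answered)
    "192.0.2.10\t50003\t203.0.113.9\t22\t0x0002\n"    # single SYN, no reply
)

def unanswered_syns(text):
    """Return [(client, server, syn_count)] for handshakes that never got a
    SYN-ACK, highest SYN count first (like sorting Conversations by packets)."""
    syn_count = defaultdict(int)
    answered = set()
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5 or not parts[4]:
            continue                      # skip non-TCP or malformed rows
        src, sport, dst, dport, flags_hex = parts
        flags = int(flags_hex, 16)
        if not flags & SYN:
            continue
        if flags & ACK:
            # SYN-ACK travels server -> client; store it keyed client-first
            answered.add(((dst, dport), (src, sport)))
        else:
            syn_count[((src, sport), (dst, dport))] += 1
    rows = [
        (f"{c[0]}:{c[1]}", f"{s[0]}:{s[1]}", n)
        for (c, s), n in syn_count.items()
        if (c, s) not in answered
    ]
    return sorted(rows, key=lambda r: -r[2])

if __name__ == "__main__":
    for client, server, n in unanswered_syns(SAMPLE):
        note = "retransmitted" if n > 1 else "single SYN"
        print(f"{client} -> {server}  SYNs={n}  ({note})")
```

A count above 1 corresponds to the retransmitted SYN seen in the first row of the Conversations table.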
In any case, happy troubleshooting.