I'm getting "TCP missing data" during capture analysis. Capture was performed using 128Mb slices. What are the possible reasons?
Well, first I am not sure from your description what program you are using to capture the data with. I will assume you are using Snoop. You might try cutting the snap length down so the buffer won't fill up as fast. That could be the cause of your packet loss.
Some items to consider while troubleshooting this problem would include. Is IP fragmenting the applications packets? Also check to see how TCP is handling the segments. Look at the Maximum Segment Size and the Sender Window Size. Many times problems with TCP are evident by either: 1) The same segment being rebroadcast over the wire. If faced with this type of scenario the segment is being dropped before the target receives the information. It is an indication of network congestion. 2) The target is returning a Window Size of zero. Finding this during your capture will indicate that the target buffer is full and can receive no more data (host congestion).
Dig Deeper on Network management and monitoring
Related Q&A from Michael Gregg
Enterprise security expert, Michael Gregg answers a question regarding port 3389 issues when a user tries to open port 3389 RDP on their router to ... Continue Reading
Security expert Michael Gregg discusses the disadvantages to a layered approach to enterprise security. Continue Reading
Security expert Michael Gregg fields a question about unknown network cards gaining access to a user's network. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.