module can only analyse dumps of tcp connections, where the timestamp was enabled
capture files have to be from the sender perspective
detects: all data (!) retransmissions >= tsval-resolution after original (current Linux: 4ms)
the module analyses only one tcp flow direction at a time (use sender side file for the opposite flow if it was bi-directional and then aggregate results)
Spurious-Retransmission-Module Modes:
-m summary
Displays aggregated summary information
-m spurious
Displays information about every spurious retransmission
-m retransmissions
Displays information about retransmissions (i added this since i found that wireshark can have problems showing these). Uses colouring: blue is the base transmission (NOT a retransmission, has the same value for timestamp and time-first), white is a regular retransmission. -> #white_entries == #retransmissions (from -m aggregate)
-m list
Displays a wireshark like connection summary (default mode). Data-packets are green, acks are yellow, retransmissions (as with mode -m) blue for the base, white for every retransmission, spurious-retransmission are red (highest priority).
Issue with dumpfiles and commands as agreed on will follow.
also small fine-tuning spacing-data-ack. Notes:
Spurious-Retransmission-Module Modes: -m summary Displays aggregated summary information -m spurious Displays information about every spurious retransmission -m retransmissions Displays information about retransmissions (i added this since i found that wireshark can have problems showing these). Uses colouring: blue is the base transmission (NOT a retransmission, has the same value for timestamp and time-first), white is a regular retransmission. -> #white_entries == #retransmissions (from -m aggregate) -m list Displays a wireshark like connection summary (default mode). Data-packets are green, acks are yellow, retransmissions (as with mode -m) blue for the base, white for every retransmission, spurious-retransmission are red (highest priority).
Issue with dumpfiles and commands as agreed on will follow.