At one point or another, anyone who captures packets will see a TCP Retransmission. Even in the best of network environments, packet loss will happen from time to time – hey, TCP is built to handle it so don’t worry that the sky is falling! Of course, if you see a bunch of them, that’s a problem.
In Wireshark, there are several ways that a retransmission can be categorized, depending on the behavior. In order to make the best next-step decision, it is important to understand each type of retransmission and what it indicates.
TCP Retransmission – This is a plain-Jane retransmission. Wireshark observed a packet in a TCP conversation with a sequence number and data, and later observed another packet with the same sequence number and data. These are typically sent after the sender's retransmission timer expires. There are some gotchas, but this is the general definition.
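The general definition above, as an added example that is not from the original post or from Wireshark's code: a small Python sketch that flags a data segment when the same sequence number reappears with data in the same direction, and reports how long after the first copy it arrived. The sample segments are constructed, and matching on payload length stands in for comparing the data itself; Wireshark's own analysis applies more heuristics than this.

```python
from collections import namedtuple

# Constructed sample segments: time (s), 4-tuple, relative seq, payload length
Seg = namedtuple("Seg", "ts src sport dst dport seq length")

SAMPLE = [
    Seg(0.000, "10.0.0.5", 51000, "10.0.0.9", 443, 1,    1460),
    Seg(0.001, "10.0.0.5", 51000, "10.0.0.9", 443, 1461, 1460),
    Seg(0.020, "10.0.0.9", 443, "10.0.0.5", 51000, 1,    0),     # pure ACK, no data
    Seg(0.021, "10.0.0.9", 443, "10.0.0.5", 51000, 1,    0),     # duplicate ACK, no data
    Seg(0.301, "10.0.0.5", 51000, "10.0.0.9", 443, 1461, 1460),  # same seq + data again
    Seg(0.320, "10.0.0.5", 51000, "10.0.0.9", 443, 2921, 1460),
]

def find_retransmissions(segments):
    """Return (segment, seconds_since_first_copy) for every data segment whose
    sequence number and length were already seen in the same direction."""
    first_seen = {}  # (direction 4-tuple, seq, length) -> timestamp of first copy
    hits = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if seg.length == 0:
            continue  # no data: ACKs legitimately repeat a sequence number
        key = (seg.src, seg.sport, seg.dst, seg.dport, seg.seq, seg.length)
        if key in first_seen:
            hits.append((seg, round(seg.ts - first_seen[key], 3)))
        else:
            first_seen[key] = seg.ts
    return hits

def retransmission_rate(segments):
    """Fraction of data-bearing segments that are retransmissions."""
    data = [s for s in segments if s.length > 0]
    return len(find_retransmissions(segments)) / len(data) if data else 0.0

if __name__ == "__main__":
    for seg, gap in find_retransmissions(SAMPLE):
        print(f"retransmission seq={seg.seq} len={seg.length} "
              f"{seg.src}:{seg.sport} -> {seg.dst}:{seg.dport} after {gap}s")
    print(f"rate: {retransmission_rate(SAMPLE):.0%}")
```

The gap between the two copies is the useful number here: a delay in the hundreds of milliseconds is consistent with a retransmission timer expiring, and the rate gives a rough sense of whether you are looking at occasional loss or "a bunch of them".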