Network issue analysis can be very time-consuming and complicated.
I’ve seen people struggle at every step along the way to the RCA, especially if they are new to troubleshooting.
I know I’ve had my fair share of struggle when I was young.
I have been working on a small utility that automates network issue analysis for the TCP protocol.
For a proper RCA of a network issue you need two capture files, one from the source machine and one from the target machine.
The utility workflow consists of five parts:
- Read two capture files and get all TCP streams
- Match TCP streams based on 5-tuple + time
- Ask the user which TCP stream they would like to analyze
- Compare and diff TCP payloads from two files
- Analyze termination (TCP FIN/RST) of the TCP stream
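The matching, diffing and termination steps of that workflow, as an added Python example that is not the utility's own code (the real patch works on Wireshark's dissected streams; here the capture files are replaced by constructed packet records, and the 5-tuple, time-skew tolerance and flag strings are assumptions):

```python
from collections import defaultdict, namedtuple

# One TCP segment as read from a capture file (constructed stand-in for a pcap reader).
Pkt = namedtuple("Pkt", "ts src sport dst dport flags payload")

def stream_key(p):  # direction-independent 5-tuple: both halves share one stream
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return ("tcp",) + (a + b if a <= b else b + a)
def group_streams(pkts):
    streams = defaultdict(list)
    for p in sorted(pkts, key=lambda p: p.ts):
        streams[stream_key(p)].append(p)
    return streams
def match_streams(src_streams, dst_streams, max_skew=1.0):
    # Same 5-tuple and first packets within max_skew seconds; the time check keeps
    # port-reused connections that share a 5-tuple from being paired with each other.
    return [(k, a, dst_streams[k]) for k, a in src_streams.items()
            if k in dst_streams and abs(a[0].ts - dst_streams[k][0].ts) <= max_skew]
def diff_payloads(a, b):
    # Per direction, offset of the first byte that differs between the two captures
    # (a length mismatch counts at the shorter length), or None if identical.
    key, out = stream_key(a[0]), {}
    for d in ("fwd", "rev"):
        fwd = lambda p: ((p.src, p.sport) == key[1:3]) == (d == "fwd")
        pa = b"".join(p.payload for p in a if fwd(p))
        pb = b"".join(p.payload for p in b if fwd(p))
        idx = next((i for i, (x, y) in enumerate(zip(pa, pb)) if x != y), None)
        out[d] = idx if idx is not None or len(pa) == len(pb) else min(len(pa), len(pb))
    return out
def termination(pkts):
    # How the stream ended in this capture: ('RST' | 'FIN' | 'open', sender); RST wins.
    for flag, name in (("R", "RST"), ("F", "FIN")):
        for p in pkts:
            if flag in p.flags:
                return name, f"{p.src}:{p.sport}"
    return "open", None
def analyze(src_pkts, dst_pkts):
    # Workflow steps 1, 2, 4 and 5 for every matched stream (step 3 is the user's pick).
    return {k: {"diff": diff_payloads(a, b), "src_end": termination(a), "dst_end": termination(b)}
            for k, a, b in match_streams(group_streams(src_pkts), group_streams(dst_pkts))}

# Constructed captures: the client-side and server-side view of one connection. The server
# clock runs 0.02 s ahead, and a middlebox rewrote byte 5 of the request on its way in.
C, S = ("10.0.0.1", 40000), ("10.0.0.2", 443)
def pkt(ts, frm, to, flags, payload=b""):
    return Pkt(ts, frm[0], frm[1], to[0], to[1], flags, payload)
SRC_CAPTURE = [pkt(0.00, C, S, "S"), pkt(0.01, S, C, "SA"), pkt(0.02, C, S, "A"),
               pkt(0.03, C, S, "PA", b"GET /a HTTP/1.0\r\n"), pkt(0.05, S, C, "R")]
DST_CAPTURE = [pkt(0.02, C, S, "S"), pkt(0.03, S, C, "SA"), pkt(0.04, C, S, "A"),
               pkt(0.05, C, S, "PA", b"GET /b HTTP/1.0\r\n"), pkt(0.06, S, C, "R")]
```

Running `analyze(SRC_CAPTURE, DST_CAPTURE)` reports the request diverging at offset 5 in the client-to-server direction, an identical (empty) reverse direction, and an RST sent by the server in both captures.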
The RFC patch is out on the mailing list:
https://lists.wireshark.org/archives/wireshark-dev/202509/msg00014.html
The same commit on GitLab:
https://gitlab.com/rustylife/wireshark/-/commit/57366e7d9e4666f10c8e932ad6e9e668076f009b