How do you identify packet loss in a TCP trace using Wireshark?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

How do you identify packet loss in a TCP trace using Wireshark?

Explanation:
When TCP experiences loss, recovery happens through retransmissions driven by missing acknowledgments and the arrival of duplicate ACKs. The clearest way to spot this in a Wireshark trace is to rely on the tcp.analysis indicators: look for retransmissions, fast retransmissions, and lost segments that Wireshark marks as you capture. Filtering for tcp.analysis.retransmission, tcp.analysis.fast_retransmission, or tcp.analysis.lost_segment highlights exactly where the sender retried data or where the receiver signaled a missing segment. This approach gives you a precise view of where loss occurred and why the retransmission was triggered, along with the related sequence and acknowledgment numbers.

Why not the other options? The IP total length field only tells you packet size, not whether data was lost. Examining TCP flags alone shows control bits, not whether a segment was lost or retransmitted. A time delta between ACKs can hint at potential loss but isn’t definitive without the explicit retransmission indicators. The built-in tcp.analysis flags provide the direct evidence you need to identify and analyze packet loss in a TCP stream.
