Notes events and understanding them
As described earlier, when Wireshark indicates that an event may cause a problem but is still inside the normal behavior of the protocol, it will be under the Notes bar. TCP retransmission, for example, will be displayed under the Notes bar because even though it is a critical problem that slows down the network, it is still under the normal behavior of TCP.
Getting ready
Start capturing or open an existing file and start the Expert Infos window.
How to do it...
From the Analyze menu, open Expert Infos by clicking on Expert Info.
Click on the Notes bar. You will get the following window (all events are examples):
You will see here several event categories:
Retransmissions, duplicate ACKs, fast retransmissions that usually indicate slow network, packet loss, or very slow end devices or applications
Keep-alives that indicate TCP or application problems
Time to live and routing events that in most cases indicate routing problems
Tip
Additional events will be discussed...
