What's the difference between TCP dropped segments out and retransmissions out?

gettingstarted

#1
  • Dropped segments out = # packets dropped on the way from the current device to other devices
  • Retransmissions out = # of times data is resent by the current device to other devices

Notice the word “times” in the retransmissions description. the ExtraHop “retransmissions out” counter may be less than “dropped segments out” counter, because multiple consecutive dropped segments may be retransmitted together in one retransmission episode. The appliance counts retransmission episodes, not packets (see explanation below). Pretty slight difference, but significant and may account for a difference in how some other tools present the same information.

Explanation:
The ExtraHop appliance records a retransmission per-episode to be consistent with TCP analysis papers. In other words, consider this:

Packets A B C D transmitted

B and C are dropped. That’s 2 drops.

B and C are now retransmitted in one shot back-to-back. That’s one retransmission episode (i.e. one recovery.) So 1 retransmission episode comprising two segments.


#2

Is there a way Extrahop can track down TCP out of state and TCP transmissions over the entire span?