Packet Loss 101
What are packets?
Packets are fundamental units of binary data that are numbered and transmitted between network-connected devices, whether locally or over the internet. Once a packet arrives at its destination, it is reassembled by number with other packets back into the larger message that was originally transmitted.
A great visual example is when the kid Mike TV from Willy Wonka gets sent across the network as millions of little bits and is then reassembled on the other side (although miniaturized in this case).
Packets are the building blocks of everything we can send or receive online. When you download an image, send an email, log in to a Zoom call, or check out with your Amazon cart, packets power all of this behavior.
What is packet loss?
Packet loss occurs when one or more packets do not reach their destination. There are many reasons that packet loss can occur. It’s also the network’s way of communicating link saturation back to TCP.
Transmission Control Protocol (TCP), part of the TCP/IP suite, is the main protocol used for internet operations. TCP breaks down files into tiny, numbered packets of data and sends them to a router to process. TCP at the receiving end puts the file back together.
If the router can’t keep up with the volume of packets being sent, it signals this to TCP by dropping (discarding) packets. When a packet is successfully delivered, the receiver returns an acknowledgment to the source.
When TCP does not receive this acknowledgment before a certain time elapses, it resends the packet at a slower speed so the receiving router can keep up without dropping packets.
The amount of time it takes a packet to reach its destination is what we call latency. And the fluctuation in milliseconds of time between packets is what we call jitter.
Although packet loss does not actually result in truly “lost” packets for TCP, the end-user’s experience suffers from this occurrence.
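The three measurements defined above (loss, latency, jitter), computed from sequence-numbered probe results. This is an added example, not part of the original article; the probe records are constructed sample data, the function and field names are assumptions, and jitter is taken here as the mean change in latency between consecutive answered probes.

```python
from statistics import mean

# Constructed sample data: (sequence number, send time ms, receive time ms).
# A receive time of None means no reply ever arrived for that probe.
PROBES = [
    (1, 0.0, 21.0),
    (2, 100.0, 124.0),
    (3, 200.0, None),     # lost
    (4, 300.0, 322.0),
    (5, 400.0, 450.0),    # delayed in a queue
    (5, 400.0, 451.0),    # duplicate reply: only the first one counts
    (6, 500.0, 520.0),
    (7, 600.0, None),     # lost
    (8, 700.0, 723.0),
]

def link_stats(probes):
    """Return loss %, mean latency and jitter (ms) for numbered probes."""
    sent, latency = set(), {}
    for seq, t_send, t_recv in probes:
        sent.add(seq)
        if t_recv is not None and seq not in latency:
            latency[seq] = t_recv - t_send
    if not sent:
        return None                       # nothing was sent, nothing to report
    # Order by sequence number so replies that arrive out of order still line up.
    ordered = [latency[s] for s in sorted(latency)]
    # Jitter: average change in latency from one answered probe to the next.
    deltas = [abs(b - a) for a, b in zip(ordered, ordered[1:])]
    return {
        "sent": len(sent),
        "received": len(latency),
        "loss_pct": round(100 * (len(sent) - len(latency)) / len(sent), 1),
        "latency_ms": round(mean(ordered), 1) if ordered else None,
        "jitter_ms": round(mean(deltas), 1) if deltas else 0.0,
    }

if __name__ == "__main__":
    print(link_stats(PROBES))
```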
What causes packet loss?
Sometimes data traversing the internet passes through networks that do not have the same bandwidth capacity. You have to wait longer for network traffic to pass through a “pipe” with less throughput, especially if there is a spike in traffic volume.
This 2-minute explainer video by Udacity does a great job illustrating this situation.
Network hardware like routers, switches, and firewalls not only consume a lot of power and bandwidth, but as they approach end-of-life, they can weaken the signal between networks.
These network devices can also miscommunicate. Duplex mismatches between an endpoint and the network access switch, or between routers and switches, can cause packet loss. Duplex mismatches usually surface in real-time applications like video conferencing.
Ethernet can run at the operation mode of full or half duplex. The endpoints negotiate a common protocol for the highest speed that can be supported. Sometimes the communication fails between the endpoints, and one end runs half duplex and the other end runs full duplex. This creates a continuous stream of packet loss, but because of TCP’s packet recovery, end users don’t feel the impact unless using real-time apps, like video conferencing.
Out-of-Date Software
If your software is not running on an up-to-date version, it has unpatched issues. These software bugs, left unchecked, can disrupt the network and lead to dropped packets.
Wi-Fi vs. Wired
When data is traveling across wireless networks, there are chances for signal interference through weather events, radio waves, or physical impediments like mountains and walls, not to mention the weakening of a signal over long distances. All of these risk factors make packet loss more likely on Wi-Fi networks.
Distributed Denial of Service (DDoS)
When hackers or hacktivists want to shut down a website or paralyze the functions of a business, they can overwhelm the network with a DDoS attack. The attackers send a flood of packets from several IP addresses and outpace the targeted network’s ability to keep up. It can be difficult to distinguish the junk/attack packets from legitimate packets if the volume of data is too much, ultimately resulting in a crash.
There was an 11% increase in DDoS attacks from 2020 to the first half of 2021 with a new record of over 5.4 million attacks reported. We saw an example of this in early 2021 where a hacker targeted a European gambling website with a DDoS attack sending over 800 GB in data, choking the network, and forcing it to go offline.
Packet Drop Attack
This falls under a denial-of-service attack. A hacker takes control of the router that should transmit the network data for the enterprise but instead dumps all the packets.
How do you test for packet loss?
To see if you are experiencing packet loss you can do a quick free check from packetlosstest.com. While it can’t tell you what is causing it, it can certainly confirm if packet loss is occurring. You can run this test from your browser without any download requirements.
Here’s a look at my results:
Once you fully grasp the catalog of possibilities that could result in packet loss, the objective is to find where it is happening, and fix it.
How do you fix packet loss?
Process of Elimination
If you don’t have a tool that can identify what issues are causing the packet loss, you can use a process of elimination to tamp down on likely culprits.
Even if you don’t know exactly what is causing it, there are some general tweaks you can do to help packets reach their destination:
As simple as this seems, the first answer for any problem is usually, “have you tried turning it off?” Well, have you? Restart your network router and hardware.
Remove things that could be exacerbating the issue – cut off the camera, unplug the headset, cut off the wireless speaker. All of that.
As a last-ditch effort, you can shut down your firewall to see if it’s causing the degradation. Some firewalls are more bandwidth-intensive than others.
NOTE: We do not recommend you turn off your firewall any longer than the short time period for troubleshooting.
Switch to Wired – pull out that old gray ethernet cable and plug it in. Oftentimes, the latency from packet loss happens somewhere along its Wi-Fi journey.
Use QoS – Quality of Service (QoS) allows you to assign priority to different types of traffic. For example, you may decide to prioritize real-time applications like VoIP over email.
While these best-effort attempts can help with packet loss, the only definite solution is packet analysis. Packet capture lets you see into network traffic to identify where the choke point happens.
A Packet Capture and Analysis Tool
To find out exactly what is causing the packet loss, you need network visibility. Network monitoring tools like packet capture deliver the details within the packet headers and payload. The packet components contain powerful information that can be acted upon immediately. Deep packet inspection (DPI) and advanced analytics can uncover patterns in the data to help you better anticipate network failures.
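One way packet analysis narrows down where loss is happening: count, per connection, the TCP data segments that were sent more than once. This is an added example, not LiveAction's code or part of the original article; the capture records are constructed, the names and the 5% threshold are assumptions, and sequence-number wraparound is ignored.

```python
from collections import defaultdict

# Constructed capture summary: (time s, source, destination, TCP seq, payload bytes).
SEGMENTS = [
    (0.000, "10.0.0.5:51514", "192.0.2.10:443", 1000, 500),
    (0.001, "10.0.0.5:51514", "192.0.2.10:443", 1500, 500),
    (0.002, "10.0.0.5:51514", "192.0.2.10:443", 2000, 500),
    (0.210, "10.0.0.5:51514", "192.0.2.10:443", 1500, 500),  # resent after a timeout
    (0.211, "10.0.0.5:51514", "192.0.2.10:443", 2500, 500),
    (0.640, "10.0.0.5:51514", "192.0.2.10:443", 2500, 500),  # resent again
    (0.000, "10.0.0.7:40022", "192.0.2.20:22", 7000, 100),
    (0.050, "10.0.0.7:40022", "192.0.2.20:22", 7100, 100),
    (0.100, "10.0.0.7:40022", "192.0.2.20:22", 7200, 0),     # ACK only, no data
]

def retransmissions(segments, threshold_pct=5.0):
    """Per-flow count of data segments whose bytes had already been sent."""
    highest = {}                                  # flow -> highest byte sent so far
    stats = defaultdict(lambda: {"data": 0, "retx": 0})
    for _, src, dst, seq, length in sorted(segments):
        if length == 0:                           # pure ACKs carry nothing to resend
            continue
        flow, end = (src, dst), seq + length
        stats[flow]["data"] += 1
        if end <= highest.get(flow, -1):
            stats[flow]["retx"] += 1              # these bytes were on the wire before
        highest[flow] = max(highest.get(flow, 0), end)
    report = {}
    for flow, s in stats.items():
        pct = round(100 * s["retx"] / s["data"], 1)
        report[flow] = {**s, "retx_pct": pct, "flagged": pct >= threshold_pct}
    return report

if __name__ == "__main__":
    for flow, row in retransmissions(SEGMENTS).items():
        print(flow, row)
```

Flows that are flagged share a path with loss on it; comparing which flagged flows have a router, switch or Wi-Fi hop in common points to the device to inspect first.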
About LiveAction:
LiveAction’s packet capture tool, LiveWire, removes the guesswork from packet loss troubleshooting. Our ThreatNV product delivers proprietary encrypted traffic analysis. Detect and resolve network issues in minutes with our packet capture solution. Schedule a demo today.