When you send information across a network, the TCP/IP protocol breaks it into small packets for faster transmission. Packets are labeled with header information so that the information can be reconstructed when it reaches the recipient. When a significant portion of these packets becomes corrupted or lost in transit, the packet loss causes communication failure. Packet loss can occur on any network, but it’s much more common when communication is sent over long distances, such as over the Internet.
What Causes Packet Loss?
Packet loss is caused by several network anomalies. When the sender does not control the issue, most packet loss is temporary. For instance, an Internet Service Provider (ISP) may experience a malfunction in network equipment such as a critical router. This router failure may cause packet loss, rendering users unable to communicate across the internet until the ISP replaces it.
Before understanding the causes of packet loss, it’s important to understand how data is transferred on a network. Data must be chopped up into segments to transfer across a network. Suppose one piece of data is chopped up into 10 segments. Each segment has a header section that contains information about routing such as the sender IP, the recipient IP, and the packet number in the sequence. The sequence number tells the recipient the order in which the packets must be connected to rebuild the data transmission and process it.
Routers tell packets what path to take to reach the intended recipient. Packets destined for a particular recipient don’t necessarily take the same path, so the recipient might get packets in an unordered state. The sequence number tells the recipient the ordered state to rebuild data correctly. If the recipient is missing a good portion of the sequenced packets, communication fails because data cannot be reconstructed.
Minor packet loss during communication does not completely ruin data transmission. Modern technology can rebuild communication provided enough packets are received. Should communication fail due to packet loss, the data must be resent to the recipient.
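The sequence-number reassembly described above, as an added example that is not part of the original article. It is a simplified model (real TCP numbers bytes rather than whole segments); the function names, the 100-byte payload, and the choice to resend only the missing segments are assumptions of this sketch.

```python
import random

def segment(data, size):
    """Split data into (sequence_number, payload) segments of at most `size` bytes."""
    return [(seq, data[off:off + size])
            for seq, off in enumerate(range(0, len(data), size))]

def reassemble(received, total):
    """Rebuild data from segments that arrive in any order.
    Returns (data, missing); data is None while any sequence number is missing."""
    by_seq = {}
    for seq, payload in received:
        by_seq.setdefault(seq, payload)      # a duplicate delivery is ignored
    missing = [seq for seq in range(total) if seq not in by_seq]
    if missing:
        return None, missing
    return b"".join(by_seq[seq] for seq in range(total)), []

def demo():
    message = bytes(range(100))              # constructed 100-byte payload
    segments = segment(message, 10)          # 10 segments, as in the text
    rng = random.Random(7)                   # fixed seed: repeatable arrival order
    arrived = segments[:]
    rng.shuffle(arrived)                     # packets took different paths
    in_order, _ = reassemble(arrived, len(segments))
    # Two packets are lost in transit: the recipient cannot rebuild the data.
    lossy = [s for s in arrived if s[0] not in (3, 7)]
    data, missing = reassemble(lossy, len(segments))
    # Recovery: the sender resends what the recipient reports missing.
    resent = [segments[seq] for seq in missing]
    recovered, _ = reassemble(lossy + resent, len(segments))
    return in_order == message, data, missing, recovered == message

if __name__ == "__main__":
    print(demo())
```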
Most network communication that fails due to packet loss is software-related, but malfunctioning infrastructure can also be the root cause. Network administrators must perform several analytical steps to determine the root cause of packet loss. Some general issues that cause packet loss include:
- Network congestion: Just like physical roads, too much network traffic causes congestion. Routers responsible for sending packets across the right path can get overloaded. When routers are overloaded and can’t process traffic activity, they begin to drop packets.
- Software bugs: Software relies on network protocols to transfer data, but the recipient’s software is responsible for processing packets correctly. If software fails, packets could be dropped.
- Network hardware failure: The most common hardware failure that causes packet loss is malfunctioning routers or firewalls. The reasons for the failure could be outdated firmware, malfunctioning hardware, or insufficient computing resources.
- Security threats: Cyber-attackers can cause packet loss with a variety of threats. Threats can take most of the available bandwidth, causing congestion and, eventually, packet loss. A network-delivered threat like a distributed denial-of-service (DDoS) against a web server could cause packet loss that stops legitimate users from using the service by flooding server resources and exhausting network bandwidth.
- Misconfigurations: Incorrect configurations on network devices can cause packet loss. Misconfigurations can cause collisions or tell devices to incorrectly drop packets for legitimate communication.
How to Detect Packet Loss
Routers on a network act as traffic stop lights and direct packets to the next path. For every router a packet hits, a new path is calculated, and the packet is sent across the next path. During data transfer, the router a packet passes is called a “hop.” A packet could hit multiple routers before it gets to its destination. For instance, if a packet hits 10 routers, it’s considered 10 hops across the network path to get to the destination.
If you’re experiencing slow internet connectivity, or you find that a web application is not functioning, it could be an issue with packet loss. You can test packet loss using several commands in Windows. The first step is to open the command-line window. You can do this by typing “cmd” in the Windows taskbar search textbox.
With the command-line interface open, type in the following command:
Note: In the image below, our internal IP is used to illustrate the results of a successful ping command instead of the 192.168.0.1 IP. This IP is most common with individual home routers, but you need an IP on your network to test packet loss with the ping command.
Notice in the ping statistics section that 4 packets were sent, 4 were received, and 0 were lost. This indicates that no packet loss occurred. Now, let’s use another IP with the ping command to illustrate packet loss.
This time, the request timed out, and packet loss occurred. Notice in the ping statistics that 4 packets were sent, 0 were received, and 4 (100%) were lost. If this were a web server or application that we were trying to connect to, this would be the first clue to indicate that packet loss could be the main issue for connectivity.
A domain name can be used instead of an IP address with the ping command. Instead of using an IP, add a domain argument to the ping command to test for packet loss. For instance, type the following into the command line:
With a domain, the ping command first does a lookup of the IP and sends packets to it. The result is the following:
A ping command is a simple tool used to test for packet loss, but it doesn’t tell you if the loss happens on your network or at a specific hop (router) on the internet. You can use the “tracert” command to pinpoint where packets are dropped.
Using the same domain (google.com), type the following command to perform a trace from your computer to the recipient server:
In the screenshot above, each hop to the Google server is displayed. It’s important to note that not every router on the internet will be configured to return a reply, so it’s not uncommon to see a “Request timed out” with some hops. However, with an internal network where all routers return a reply, “tracert” can be used to identify which router is causing the issue.
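One way to turn the ping and tracert readings described above into a repeatable check, as an added example that is not part of the original article. The sample text is constructed in the layout Windows prints (it is not captured output), and the function names and the "replies stop for the rest of the path" heuristic are assumptions of this sketch.

```python
import re

# Constructed samples in the layout Windows ping/tracert print (not captured output).
PING_OK = """Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),"""
PING_LOST = """Ping statistics for 192.0.2.10:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),"""
TRACE_FILTERED = """  1     1 ms    <1 ms     1 ms  192.168.0.1
  2     *        *        *     Request timed out.
  3    12 ms    11 ms    12 ms  203.0.113.7"""
TRACE_BROKEN = """  1     1 ms    <1 ms     1 ms  192.168.0.1
  2     9 ms     8 ms     9 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out."""

STATS = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")
HOP = re.compile(r"^\s*(\d+)\s+(.+)$", re.MULTILINE)

def ping_loss_percent(output):
    """Loss percentage computed from the 'Ping statistics' summary."""
    match = STATS.search(output)
    if match is None:
        raise ValueError("no ping statistics found")
    sent, _received, lost = map(int, match.groups())
    return 100.0 * lost / sent if sent else 0.0

def parse_hops(output):
    """Return [(hop_number, replied)] for each tracert hop line."""
    return [(int(n), "Request timed out" not in rest)
            for n, rest in HOP.findall(output)]

def first_unreachable_hop(output):
    """Hop at which replies stop for the rest of the path, or None.
    A silent hop followed by a replying hop is only a router that does
    not answer probes, so it is not reported."""
    first = None
    for number, replied in parse_hops(output):
        if replied:
            first = None
        elif first is None:
            first = number
    return first

if __name__ == "__main__":
    print(ping_loss_percent(PING_OK), ping_loss_percent(PING_LOST))
    print(first_unreachable_hop(TRACE_FILTERED), first_unreachable_hop(TRACE_BROKEN))
```

A non-None result is only a starting point for investigation: a destination that filters probes produces the same trailing timeouts as a failed router.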
How to Prevent Packet Loss?
For individual internet consumers, packet loss is usually from hardware failure out of their control. Only the internet provider can resolve a hardware issue on the network. If network congestion is the reason behind packet loss, then you can resolve the issue by upgrading network equipment to support an increase in traffic.
It should be noted that a congested network on a typical home network could indicate a compromise. Attackers use malware to take over user devices and make them a part of a botnet. When the attacker sends the command, all devices flood a target with network traffic, causing the target to crash. All devices on the network should have antivirus and antimalware programs to prevent botnet malware from running on them.
Faulty hardware is the most probable cause of packet loss, but here are some other reasons that could be causing the issue:
- Buggy software: Software could be causing packet loss. Update and patch software, especially the device’s operating system, to fix bugs that could be the root cause for packet loss.
- Misconfigurations: Incorrect configurations could cause a router or device to drop packets. They could also stop traffic from flowing on the network. Ensure that all routers and devices have the right configurations to allow for communication.
- Wi-Fi router failure: The first hop in wireless network communication is your wireless router. These hotspots must be properly configured, have up-to-date firmware, and function properly to allow users to communicate with them. If you have an internet provider’s Wi-Fi router, then they must replace or fix it.
- Security: Antivirus and antimalware are a primary defense against viruses and other malware that could affect packet loss and network performance. Should a device become part of a botnet, it should be removed from the network until the issue is remediated to stop congestion causing packet loss.