TCP retransmission rate on a host is often a good indicator of network problems. How do I find out the source and destination IPs for the packets that are being retransmitted?
For context, on hosts that have sar installed, one can see the re-transmission rates like so:
sar -n ETCP
10:11:02 AM atmptf/s estres/s retrans/s isegerr/s orsts/s
10:12:01 AM 0.07 1.95 0.08 0.00 1.18
10:13:01 AM 0.07 1.30 0.02 0.00 0.83
10:14:01 AM 0.07 1.40 0.02 0.00 0.85
To find the source and destination IP addresses you could do
(or use -R in older versions of 'tshark') but this won't give you the "retransmission rate". I have to say that the "retransmission rate" on its own is not a good metric for network problems unless you know the reasons for the retransmissions. Wireshark can help a bit, but it takes some manual processing to find the root cause, usually.
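An added example, not part of the original answer: one way to turn a capture into per-address-pair retransmission counts and percentages with tshark and awk. The function names, the `capture.pcap` file name and the sample rows are constructed for illustration, and it assumes tshark prints a non-empty value for `tcp.analysis.retransmission` under `-T fields` when the segment is flagged.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical.

# One tab-separated row per IPv4 TCP segment: src, dst, and a third column
# that is non-empty only when Wireshark's TCP analysis flagged the segment
# as a retransmission. (-Y is the display filter; older tshark used -R.)
tcp_rows() {
    tshark -r "$1" -Y tcp -T fields \
        -e ip.src -e ip.dst -e tcp.analysis.retransmission
}

# Aggregate rows per direction (src -> dst) and print, for every pair with
# at least one retransmission: pair, retransmitted, total, percentage.
# Rows without an IPv4 source (for example IPv6 traffic) are skipped.
summarize_retrans() {
    awk -F '\t' '
        NF >= 2 && $1 != "" {
            key = $1 " -> " $2
            total[key]++
            if ($3 != "") retrans[key]++
        }
        END {
            for (k in total)
                if (retrans[k] > 0)
                    printf "%s\t%d\t%d\t%.1f%%\n", k, retrans[k], total[k],
                           100 * retrans[k] / total[k]
        }' | sort -t "$(printf '\t')" -k2,2nr
}

# Constructed sample rows in the same shape tcp_rows produces,
# so the aggregation can be tried without a capture file.
sample_rows() {
    printf '%s\t%s\t%s\n' \
        192.0.2.10 198.51.100.7 '' \
        192.0.2.10 198.51.100.7 1 \
        198.51.100.7 192.0.2.10 '' \
        192.0.2.44 198.51.100.7 '' \
        192.0.2.10 198.51.100.7 '' \
        192.0.2.44 198.51.100.7 1 \
        198.51.100.7 192.0.2.10 '' \
        192.0.2.10 198.51.100.7 1 \
        192.0.2.44 198.51.100.7 '' \
        192.0.2.44 198.51.100.7 '' \
        198.51.100.7 192.0.2.10 '' \
        192.0.2.44 198.51.100.7 ''
}

# Usage against a real capture:  tcp_rows capture.pcap | summarize_retrans
```

The percentage is relative to the segments seen in the capture for that direction, so it is only comparable to the host-wide `retrans/s` from sar when the capture covers the same interval and interface.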