This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

It's suppossed that the TCP layer should re-order the packets correctly before it passes to the application layer. In the capture we get with tcpdump and then analysed with wireshark, are there any re-ordering involved already?

I'm trying to understand if the data we capture is already processed by the tcp layer or not.

Thanks!

asked 01 Apr '14, 09:14

EdisSolar's gravatar image

EdisSolar
6113
accept rate: 0%


No, Wireshark does not reorder packets, it shows the packets in the order they arrived at the capture device (which may or may not be the same as on the stack of the actual receiver).

The only thing that may fool you is the fact that Wireshark sometimes changes the info column when "Allow Subdisectors to reassemble TCP streams" is enabled (which it is by default). You can turn that feature of in the TCP settings in the preferences dialog under "Protocols".

permanent link

answered 01 Apr '14, 09:22

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×97
×36

question asked: 01 Apr '14, 09:14

question was seen: 2,120 times

last updated: 01 Apr '14, 09:22

p​o​w​e​r​e​d by O​S​Q​A