This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Out of order: tcp re-ordering already executed?

0

It's suppossed that the TCP layer should re-order the packets correctly before it passes to the application layer. In the capture we get with tcpdump and then analysed with wireshark, are there any re-ordering involved already?

I'm trying to understand if the data we capture is already processed by the tcp layer or not.

Thanks!

asked 01 Apr '14, 09:14

EdisSolar's gravatar image

EdisSolar
6113
accept rate: 0%


One Answer:

1

No, Wireshark does not reorder packets, it shows the packets in the order they arrived at the capture device (which may or may not be the same as on the stack of the actual receiver).

The only thing that may fool you is the fact that Wireshark sometimes changes the info column when "Allow Subdisectors to reassemble TCP streams" is enabled (which it is by default). You can turn that feature of in the TCP settings in the preferences dialog under "Protocols".

answered 01 Apr '14, 09:22

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%