Packet 1 2 3 4 5 time .00001 .00002 .00005 .00006 .00004 asked 26 May '15, 12:59  stobbe99 |
One Answer:
It (most certainly) means one of the following things:
Regards answered 26 May '15, 13:57  Kurt Knochner ♦ Kurt, And when I see this on one interface? I really see packets with a higher sequence number arriving before some packets with a lower sequence number. KR Henk (26 May '15, 14:11) stobbe99 The OS delivering packets to the packet capture mechanism out of order? I've seen that happen on multiprocessor/multicore Linux systems, for example; it may be that the packet that arrives on the host first (and gets an earlier time stamp) ends up arriving at the PF_PACKET socket after another packet that arrived later on the host. (26 May '15, 14:52) Guy Harris ♦♦ Guy, Yes it is a multicore linux system, is this a problem for wireshark? KR Henk (26 May '15, 19:56) stobbe99
If by that do you mean "is this a problem for programs that capture packets using PF_PACKET sockets, such as programs using libpcap, one of which is dumpcap, the program that Wireshark uses to capture packets" :-), the answer is "yes", but the answer also means "trying another program, such as tcpdump, which also uses libpcap, won't help". It might be possible to make libpcap work around that "feature" of Linux, but that would take some work. (26 May '15, 22:05) Guy Harris ♦♦ |
Is this the out sink sequence between number and time an issue?