This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to get AAA.jpg file from the trace under Out-of-Order environment

0

Currently, I've faced some problems while uploading a file to an FTP server. If I upload the file via the ftp-put command, sometimes a few thousand bytes are changed from the original file. But it doesn't always happen... just once a month... Anyway, I've captured traces at all possible points (as attached) and tried to extract AAA.jpg (Follow TCP Stream > RAW > Save As) at each point, then compare these with the original file.

It was a simple job, but an unexpected problem occurred. Through the network, many packets changed their order. For example, packets were transferred with sequence numbers 1,2,3,4,5,6 but the receiver got the packets as 1,2,4,5,6,3.

The biggest problem is... 'Follow TCP Stream' just reassembles the trace as it is... packets ordered 1,2,4,5,6,3. So it cannot be compared with the original file. Is there any solution to sort the packets by sequence number?

Thanks. -Sunny

asked 31 Aug '11, 19:22

Sunny Hilliter
accept rate: 0%

Getting back to your original problem: Are you sure you always transfer the file in binary mode?

(01 Sep '11, 08:17) Jaap ♦

One Answer:

0

Follow TCP Stream is supposed to reorder packets so that the stream is presented the same way as it is to the application. So in your case, all the RAW exports should be the same. If not, there might be any of these issues:

  • The TCP sequence numbers of the packets are messed up, messing up the reassembly done by "Follow TCP stream", but this will also mess up the reception of the file.

  • There is a bug in the "Follow TCP Stream" code in Wireshark. If you think this is the case, could you file a bug at https://bugs.wireshark.org/ and attach the tracefile that is exhibiting this behavior?

answered 31 Aug '11, 23:58

SYN-bit ♦♦
accept rate: 20%
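An independent cross-check for the comparison discussed above, as an added example that is not part of either post and is not Wireshark's code: it rebuilds one direction of a TCP stream strictly by sequence number and reports where the result differs from the original file. It assumes the data segments have already been exported as (sequence number, payload) pairs and that the sequence number of the first data byte is known; all names and the sample bytes are constructed for illustration.

```python
SEQ_MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def reassemble(segments, isn):
    """Rebuild one direction of a TCP stream from (seq, payload) pairs in any order.
    isn: sequence number of the first data byte. The first copy of a byte wins.
    Returns (data, gaps, conflicts): gaps are (start, length) runs never captured,
    conflicts are offsets where a retransmission carried different bytes.
    """
    stream, seen, conflicts = bytearray(), bytearray(), set()
    for seq, payload in segments:
        if not payload:
            continue
        off = (seq - isn) % SEQ_MOD  # wrap-safe offset into the stream
        grow = off + len(payload) - len(stream)
        if grow > 0:
            stream.extend(bytes(grow))
            seen.extend(bytes(grow))
        for i, b in enumerate(payload, start=off):
            if not seen[i]:
                stream[i], seen[i] = b, 1
            elif stream[i] != b:
                conflicts.add(i)
    gaps = runs(i for i, s in enumerate(seen) if not s)
    return bytes(stream), gaps, sorted(conflicts)


def runs(offsets):
    """Collapse ascending offsets into (start, length) runs."""
    out = []
    for i in offsets:
        if out and out[-1][0] + out[-1][1] == i:
            out[-1] = (out[-1][0], out[-1][1] + 1)
        else:
            out.append((i, 1))
    return out


def diff_ranges(a, b):
    """(start, length) runs where a and b differ; compare len(a), len(b) separately."""
    return runs(i for i, (x, y) in enumerate(zip(a, b)) if x != y)


# Constructed sample: 60-byte "file", six 10-byte segments, ISN just below the wrap.
ORIGINAL = bytes(range(60))
ISN = 0xFFFFFFF0
SEGS = [((ISN + 10 * k) % SEQ_MOD, ORIGINAL[10 * k:10 * k + 10]) for k in range(6)]
ARRIVAL = [SEGS[i] for i in (0, 1, 3, 4, 5, 2)]  # the 1,2,4,5,6,3 order from the question

print(reassemble(ARRIVAL, ISN)[0] == ORIGINAL)
```

Running the same comparison on the export from each capture point shows the first point at which the differing byte ranges appear; a non-empty `conflicts` list means two copies of the same sequence range carried different data.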