Wireshark-dev: Re: [Wireshark-dev] regarding the output of "Follow TCP Stream" command

From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 3 Sep 2009 21:26:32 +0200
On Thu, Sep 03, 2009 at 09:17:26AM +0300, Sel�uk Cevher wrote:
> 
>    Is the output of "Follow TCP Stream" command, with the "Entire
>    Conversation" option in drop-down list selected, strictly ordered ?

Yes, it is strictly ordered... but... only in the order in which they
were received by the system that captured the packets. There is no way
for the capturing system to know when the packets were sent by each
sender...

One way to analyze the *strict* order of both flows is to create
capture files at both ends of the connection and see how the
transmission delay is having an influence on the order of the packets.

Cheers,
    Sake