Hello, everyone!
It is my pleasure to write here for you.
I've got some problems with Wireshark, namely how the software confirms whether a TCP packet is out-of-order or not.
I captured a pcap file named 'example.pcap'. In this file, No.507, No.508 and No.509 confuse me:
(because the pcap file is too large, more than 7 MB, I had to export the relevant packets as plain text named No507-No509.txt)
507 IP_ID:15689 TCP_SEQ:727452
508 IP_ID:15690 TCP_SEQ:669373 ------ out of order
509 IP_ID:15691 TCP_SEQ:670825 ------ TCP retransmission
The No.508 packet has an IP header ID of 15690, which is bigger than that of No.507. This means the server sent the No.508 packet after the No.507 packet, and Wireshark captured them in the same order. So, as far as I know, No.508 may be a retransmission instead of an out-of-order packet. However, Wireshark tags No.508 with an out-of-order flag, which confuses me. Is there any rule I don't get? I found nothing on the Internet about this question. Could you please help me?
Thanks a lot!
PS: Wireshark version 1.12.0 (v1.12.0-0-g4fab41a from master-1.12)
Best regards,
Ring Lee