Ariel Burbaickij wrote:
Hm, let me formulate then the question other way round:
What is the added value of having separate notion of packets' numbers based
on sequence of their delivery from OS level apart from maybe pointing
to some bug in OS?
It takes less work than sorting and re-numbering the packets. :-)
I.e., it's not as if we *set out* to have a separate notion of packet's
numbers. We could add code to sort and re-number the packets in
Wireshark - that'd mean deferring the reading of the packet contents
until they're sorted, or arranging that, in all data structures, we keep
pointers to packet structures rather than packet numbers, so that, after
the sorting, the new numbers are seen in "Reassembled in" and the like.
That wouldn't, of course, work for TShark, which is, by intent and
design, one-pass.