On 06/20/13 17:32, Guy Harris wrote:
On Jun 20, 2013, at 2:14 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
I have nothing more to add to Guy's really good explanation. But if you are using Wireshark 1.10.0, be aware that it comes bundled with a small utility (found in the installation folder) allowing you to reorder a capture file according to the packets timestamp. Simply do:
Having an option to do that within Wireshark might be useful as well.
(Having a way for libpcap/WinPcap to fix that problem might also be useful; that might requiring delaying the delivery of packets to libpcap's callers until you're pretty sure some packet with a time stamp before that packet won't arrive.)
Yes, it would be useful: we know that we can get packets out of order
when capturing from multiple devices at the same time. See:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8253
(In which I said that fixing the problem would be difficult if not
impossible.)