Re: wireshark capture shows packets not chronologically captured

[Guy Harris <guy () alum mit edu>]

On Dec 17, 2010, at 8:03 AM, Romel Khan wrote:

> I did a capture and notice that packets are not chronologically sorted.

That sounds like a bug in your OS.  If packets aren't delivered by the OS to the capture mechanism in strict time 
order, that's an OS bug.  (Yes, that means that if different packets are, as they arrive, processed on different cores, 
the mechanism should still sort them.  If that imposes a performance penalty, and if some programs that directly use 
the capture mechanism don't care, then there should be an option to request whether you want strict time ordering or 
not - and libpcap/WinPcap should request it!)

What version of what OS are you running on?  If Linux, what version of what kernel; if Windows, also indicate what 
version of WinPcap you have.

> Eg packet 64 if it were in chronological order would actually have been packet 5. I can sort by clicking Time column 
> field. But how can I same it (to a different filename) so if I open that new filename, it will indeed show packet 64 
> properly as packet 5 (ie all packets properly chronologically adjusted) ? 

There's no mechanism in Wireshark to do that.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe