Re: wireshark capture shows packets not chronologically captured

[Guy Harris <guy () alum mit edu>]

On Dec 20, 2010, at 9:53 AM, Stephen Fisher wrote:

> That thread was 8 years ago, and a couple replies down, Alan Cox said: 
> "You should never need it. Ethernet, hubs, switches, routers, internet 
> backbones etc will all cause packet re-ordering. You should also expect 
> the percentage of re-ordered frames on the net to rise and rise." *sigh*

In the context of an application that's implementing a network protocol atop PF_PACKET sockets, his reply makes sense.

In the context of an application that's capturing network traffic, for the purpose of analysis where packet time stamps 
are important, not so much....

Admittedly, if high-resolution and high-accuracy time stamps are important, you probably want the network adapter doing 
the time stamping, which would eliminate that problem (at least as long as you don't have more than one such adapter) - 
but that might be overkill if all you want is monotonicity.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe