Re: [WARNING - NOT VIRUS SCANNED] Negative delta with UDP / SIP conversation

[Michael Tuexen <Michael.Tuexen () lurchi franken de>]

On Jun 20, 2013, at 11:32 PM, Guy Harris <guy () alum mit edu> wrote:

> On Jun 20, 2013, at 2:14 PM, Pascal Quantin <pascal.quantin () gmail com> wrote:
>
> > I have nothing more to add to Guy's really good explanation. But if you are using Wireshark 1.10.0, be aware that it 
> > comes bundled with a small utility (found in the installation folder) allowing you to reorder a capture file 
> > according to the packets timestamp. Simply do:
>
> Having an option to do that within Wireshark might be useful as well.
>
> (Having a way for libpcap/WinPcap to fix that problem might also be useful; that might requiring delaying the 
> delivery of packets to libpcap's callers until you're pretty sure some packet with a time stamp before that packet 
> won't arrive.)
Please note that such a reordering also happens when capturing from multiple interfaces
with dumpcap/wireshark/tshark.  Possibly the ordering of packets from each interface
is preserved, but not more. However, timestamps can be used to to sort packets.

Best regards
Michael
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe