Wireshark-users: Re: [Wireshark-users] [WARNING - NOT VIRUS SCANNED] Negative delta with UDP / SI
From: Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Fri, 21 Jun 2013 09:14:04 +0200
On Jun 20, 2013, at 11:32 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

> 
> On Jun 20, 2013, at 2:14 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
> 
>> I have nothing more to add to Guy's really good explanation. But if you are using Wireshark 1.10.0, be aware that it comes bundled with a small utility (found in the installation folder) allowing you to reorder a capture file according to the packets' timestamp. Simply do:
> 
> Having an option to do that within Wireshark might be useful as well.
> 
> (Having a way for libpcap/WinPcap to fix that problem might also be useful; that might require delaying the delivery of packets to libpcap's callers until you're pretty sure some packet with a time stamp before that packet won't arrive.)
Please note that such a reordering also happens when capturing from multiple interfaces
with dumpcap/wireshark/tshark.  Possibly the ordering of packets from each interface
is preserved, but not more. However, timestamps can be used to sort packets.

Best regards
Michael
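
Added example, not part of the original thread and not Wireshark's own code: a sketch of finding negative deltas in a capture and rewriting it in timestamp order, as discussed above. It assumes a classic little-endian, microsecond-resolution pcap file; the helper names and the sample packets are constructed for illustration.

```python
import struct

PCAP_HDR = struct.Struct("<IHHiIII")  # classic pcap global header (24 bytes)
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len
MAGIC_LE_USEC = 0xA1B2C3D4

def build_pcap(packets):
    """Build a pcap byte string from (ts_sec, ts_usec, payload) tuples."""
    out = [PCAP_HDR.pack(MAGIC_LE_USEC, 2, 4, 0, 0, 65535, 1)]
    for sec, usec, data in packets:
        out.append(REC_HDR.pack(sec, usec, len(data), len(data)) + data)
    return b"".join(out)

def read_pcap(blob):
    """Return (global header bytes, [(timestamp in microseconds, raw record)])."""
    if len(blob) < PCAP_HDR.size or struct.unpack_from("<I", blob)[0] != MAGIC_LE_USEC:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off, records = PCAP_HDR.size, []
    while off < len(blob):
        if off + REC_HDR.size > len(blob):
            raise ValueError("truncated record header")
        sec, usec, incl, _orig = REC_HDR.unpack_from(blob, off)
        end = off + REC_HDR.size + incl
        if end > len(blob):
            raise ValueError("truncated record data")
        records.append((sec * 1_000_000 + usec, blob[off:end]))
        off = end
    return blob[:PCAP_HDR.size], records

def negative_deltas(records):
    """Indexes of records stamped earlier than the record written before them."""
    return [i for i in range(1, len(records)) if records[i][0] < records[i - 1][0]]

def reorder(blob):
    """Rewrite the capture sorted by timestamp; equal stamps keep file order."""
    hdr, records = read_pcap(blob)
    ordered = sorted(records, key=lambda r: r[0])  # sorted() is stable
    return hdr + b"".join(raw for _ts, raw in ordered)

# Constructed sample: two interfaces, each in order on its own, interleaved on write.
SAMPLE = build_pcap([
    (1371798000, 100, b"if0-a"),
    (1371798000, 900, b"if0-b"),
    (1371798000, 400, b"if1-a"),  # written after if0-b but stamped earlier
    (1371798000, 900, b"if1-b"),  # same stamp as if0-b
])

if __name__ == "__main__":
    print("negative deltas at:", negative_deltas(read_pcap(SAMPLE)[1]))
    print("after reorder:", negative_deltas(read_pcap(reorder(SAMPLE))[1]))
```

Because the sort is stable, packets with identical timestamps keep their original relative order, so the per-interface ordering mentioned above is not disturbed by ties.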