Wireshark-dev: Re: [Wireshark-dev] regarding the output of "Follow TCP Stream" command
From: Selçuk Cevher <cevhers@xxxxxxxxx>
Date: Fri, 4 Sep 2009 09:08:51 +0300
I understand.

What you typed about "strict" order is actually the same as what I meant.

Considering only one end of the connection, strict ordering of the stream is possible.

But, as an observer in the middle, it is impossible to order the communication between both sides as to figure out what interactions took place between the ends of a connection in a common timeline.

It was good to verify this.

Thanks.

On Thu, Sep 3, 2009 at 10:26 PM, Sake Blok <sake@xxxxxxxxxx> wrote:
On Thu, Sep 03, 2009 at 09:17:26AM +0300, Selçuk Cevher wrote:
>
>    Is the output of "Follow TCP Stream" command, with the "Entire
>    Conversation" option in drop-down list selected, strictly ordered ?

Yes, it is strictly ordered... but... only in the order in which they
were received by the system that captured the packets. There is no way
for the capturing system to know when the packets were sent by each
sender...

One way to analyze the *strict* order of both flows is to create
capture files at both ends of the connection and see how the
transmission delay is having an influence on the order of the packets.

Cheers,
   Sake
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe