Wireshark · Wireshark-dev: [Wireshark-dev] How WIRESHARK confirm the TCP OUT-OF-ORDER packet!

Wireshark-dev: [Wireshark-dev] How WIRESHARK confirm the TCP OUT-OF-ORDER packet!

Date: Mon, 15 Sep 2014 15:10:36 +0800

Hello,everyone!

It is my pleasure to write here for you.

I've got some problems with the wireshark that how the software confirm if the tcp packet is out-of-order or not.

I captured a pcap file named 'example.pcap',in this file No.507, No.508 ,No.509 make me confused：

（because the pcap file is too large ，it is more than 7MB，so I have to export the right packets as plain text named No507-No509.txt ）

507    IP_ID:15689    TCP_SEQ:727452
        508    IP_ID:15690    TCP_SEQ:669373------out of order
        509    IP_ID:15691    TCP_SEQ:670825------TCP retransmission

No.508 Packet has a IP header ID that is 15690 which is bigger than No.507.This means the server sended No.508 packet after No.507 packet,and wireshark captured them the same way .So,as I known ,No.508 may be a retransmission instead of out-of-order packet.However, wireshark tags a out-of-order flag on No.508 which makes me confused,Is there any rule I don't get? I got nothing on the Internet about this question ，could you please help me？

Thanks a lot！

PS：Wireshark version 1.12.0 (v1.12.0-0-g4fab41a from master-1.12)

Best regards,

Ring Lee

Attachment: No507-No509.txt
Description: Binary data

Follow-Ups:
- Re: [Wireshark-dev] How WIRESHARK confirm the TCP OUT-OF-ORDER packet!
  - From: Jeff Morriss

Prev by Date: [Wireshark-dev] Systematic crash at startup when launching Wireshark GTK+ 1.99 x64 on Windows 8.1
Next by Date: Re: [Wireshark-dev] Systematic crash at startup when launching Wireshark GTK+ 1.99 x64 on Windows 8.1
Previous by thread: Re: [Wireshark-dev] Systematic crash at startup when launching Wireshark GTK+ 1.99 x64 on Windows 8.1
Next by thread: Re: [Wireshark-dev] How WIRESHARK confirm the TCP OUT-OF-ORDER packet!
Index(es):
- Date
- Thread