Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2883] Timing of packets in a mess

Date: Mon, 22 Sep 2008 07:23:32 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2883





--- Comment #3 from LEGO <luis.ontanon@xxxxxxxxx>  2008-09-22 07:23:32 PDT ---

I was refering to Web caching... The browser has a cache,  the transit towards
the server might have yet more.

E.g. I use three caches here, my browser's, a local proxy-cache which in turns
uses yet another proxy-cacheto fetch external requests.

The issue you see is due to tcp-rerassembly. The HTTP PDU is analyzed by
Wireshark after the TCP payload frames that carry it on top had already been
reassembled.

Wireshark does not see any "HTTP" until after reassembly and that gets done
once the header and the body had being re-assembled. 

OTOH macsharks' TCP does not do any reassembling so you see HTTP in the first
packet that carries it. 

 Go to: Preferences->protocolos->TCP
 Disable (uncheck) "Allow subdissector to reassemble TCP streams"

At that point you'll see that Wireshark yields packets in the same order as
macshark.


\Lego 


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.