
Wireshark-dev: Re: [Wireshark-dev] wireshark capture shows packets not chronologically captured

From: Romel Khan <romel.khan@xxxxxxx>
Date: Sun, 19 Dec 2010 10:06:16 -0500
$ uname -a
Linux XYZ 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006 i686 i686 i386 GNU/Linux

On Fri, Dec 17, 2010 at 1:57 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Dec 17, 2010, at 8:03 AM, Romel Khan wrote:

> I did a capture and noticed that packets are not chronologically sorted.

That sounds like a bug in your OS.  If packets aren't delivered by the OS to the capture mechanism in strict time order, that's an OS bug.  (Yes, that means that if different packets are, as they arrive, processed on different cores, the mechanism should still sort them.  If that imposes a performance penalty, and if some programs that directly use the capture mechanism don't care, then there should be an option to request whether you want strict time ordering or not - and libpcap/WinPcap should request it!)

What version of what OS are you running on?  If Linux, what version of what kernel; if Windows, also indicate what version of WinPcap you have.

> E.g., packet 64, if it were in chronological order, would actually have been packet 5. I can sort by clicking the Time column field. But how can I save it (to a different filename) so that if I open that new filename, it will indeed show packet 64 properly as packet 5 (i.e., all packets properly chronologically adjusted)?

There's no mechanism in Wireshark to do that.
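One way to get a chronologically ordered copy of such a capture outside Wireshark, as an added example that is not part of the original thread or of Wireshark's code: parse the file, count the records stamped earlier than their predecessor, and rewrite the records sorted by timestamp. It assumes the classic libpcap file format (not pcapng); the function names and the sample capture are constructed for illustration.

```python
import struct

# Magic as read little-endian -> byte order of the file's header fields.
# The last two are the nanosecond-resolution variants.
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}

def read_pcap(data):
    """Parse classic pcap bytes into (global_header, [((sec, frac), raw_record)])."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    order = MAGICS.get(struct.unpack("<I", data[:4])[0])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        sec, frac, incl_len, _orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        end = off + 16 + incl_len
        if end > len(data):
            raise ValueError("truncated packet data at offset %d" % off)
        records.append(((sec, frac), data[off:end]))  # keep header+data verbatim
        off = end
    return data[:24], records

def count_out_of_order(records):
    """Count records stamped earlier than the record stored just before them."""
    return sum(1 for a, b in zip(records, records[1:]) if b[0] < a[0])

def sort_pcap(data):
    """Return (time-sorted pcap bytes, number of out-of-order records found)."""
    header, records = read_pcap(data)
    ordered = sorted(records, key=lambda r: r[0])  # stable: ties keep file order
    return header + b"".join(raw for _, raw in ordered), count_out_of_order(records)

def build_sample():
    """Constructed capture: four Ethernet-type records, the last stamped early."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for usec, payload in [(0, b"pkt-A"), (500, b"pkt-B"), (900, b"pkt-C"), (200, b"pkt-D")]:
        out += struct.pack("<IIII", 100, usec, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    fixed, moved = sort_pcap(build_sample())
    print("out-of-order records:", moved, "- sorted size:", len(fixed))
```

The out-of-order count is worth recording before sorting: once the file is rewritten, the evidence that the capture mechanism delivered packets out of order is gone.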