I am running tshark on Ubuntu server continuously to perform real-time analysis on all the HTTP GET and HTTP 200 OK packets to calculate the time between them (since the request until the response). I am aware this is not the most accurate way to compute the exact time. The issue here that approximately 1.5% of the GET & OK packets appears out of order; I.e, the response appear before the request. I tried using reordercap but nothing changed at all. How can I solve this? I am fine with using other tools if this can be solved.
I am attaching a pcap file (https://tinyurl.com/outoforderpcap) showing this issue. The packet number 444 shows the HTTP 200 OK for the file file_103.odt while the packet number 448 shows the HTTP GET for the same file! FYI, this pcap file has already gone through reordercap.
Here is my setup: Ubuntu Server (running tshark) on VirtualBox running under MacOS
The client (downloading the files) were: 1- Android mobile. and/or 2- The host itself (MacOS).
