Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Does wireshark or can wireshark reassemble packets with TCP Out-of-Order warnings?

A sample pcapng file I have have several "TCP Out-of-Order", "TCP Retransmission", "TCP Fast Retransmission", etc. Using the Analyze -> Follow TCP Stream feature of wireshark, the payload can be reassembled successfully. So, does wireshark have a built-in feature that can be enabled to reassemble the packets and display the reassembled packets in the Packet List and Packet Details pane instead of using the Follow TCP Stream feature? If not, how can this be implemented, where do I start? Any suggestion is very much appreciated.