Revision history [back]

Folks

I saw this dump on a different forum but the real cause wasn't explained properly

I will assume the first packet seen is number 1, my concern is with packets 12, 14 and 15

10. 192.168.1.100 → 198.41.209.139: SEQ=661 – ACK=8205 [ACK] → OK
11. 198.41.209.139 → 192.168.1.100: SEQ=8205 – ACK=661 [ACK] → OK
12. 198.41.209.139 → 192.168.1.100: SEQ=12525 – ACK=661 [PSH, ACK] → Bad
13. 192.168.1.100 → 198.41.209.139: SEQ=661 – ACK=9645 [ACK] → OK
14. 198.41.209.139 → 192.168.1.100: SEQ=9645 – ACK=661 [ACK] → Bad
15. 198.41.209.139 → 192.168.1.100: SEQ=11085 – ACK=661 [ACK] → Bad

1st Concern: Looking at PKT 14 I'm not able to determine why it is out-of-order! If it came before PKT 13 like below would it be OK?

****198.41.209.139 → 192.168.1.100: SEQ=9645 – ACK=661 [ACK]
13. 192.168.1.100 → 198.41.209.139: SEQ=661 – ACK=9645 [ACK]

2nd Concern: PKT 12 is seeing that a previous TCP segment wasn't captured, is it referring to PKT 15 which came late? So if I saw it like below would it be considered OK?

11. 198.41.209.139 → 192.168.1.100: SEQ=8205 – ACK=661 [ACK]
****198.41.209.139 → 192.168.1.100: SEQ=11085 – ACK=661 [ACK]
12. 198.41.209.139 → 192.168.1.100: SEQ=12525 – ACK=661 [PSH, ACK]

How does wireshark determine if a packet is out-of-order?

Thanks,

Folks

I saw this dump on a different forum but the real cause wasn't explained properly

I will assume the first packet seen is number 1, my concern is with packets 12, 14 and 15

10. 192.168.1.100 → 198.41.209.139: SEQ=661 – ACK=8205 [ACK] → OK
11. 198.41.209.139 → 192.168.1.100: SEQ=8205 – ACK=661 [ACK] → OK
12. 198.41.209.139 → 192.168.1.100: SEQ=12525 – ACK=661 [PSH, ACK] → Bad
13. 192.168.1.100 → 198.41.209.139: SEQ=661 – ACK=9645 [ACK] → OK
14. 198.41.209.139 → 192.168.1.100: SEQ=9645 – ACK=661 [ACK] → Bad
15. 198.41.209.139 → 192.168.1.100: SEQ=11085 – ACK=661 [ACK] → Bad

1st Concern: Looking at PKT 14 I'm not able to determine why it is out-of-order! If it came before PKT 13 like below would it be OK?

****198.41.209.139 → 192.168.1.100: SEQ=9645 – ACK=661 [ACK]
13. 192.168.1.100 → 198.41.209.139: SEQ=661 – ACK=9645 [ACK]

2nd Concern: PKT 12 is seeing that a previous TCP segment wasn't captured, is it referring to PKT 15 which came late? So if I saw it like below would it be considered OK?

11. 198.41.209.139 → 192.168.1.100: SEQ=8205 – ACK=661 [ACK]
****198.41.209.139 → 192.168.1.100: SEQ=11085 – ACK=661 [ACK]
12. 198.41.209.139 → 192.168.1.100: SEQ=12525 – ACK=661 [PSH, ACK]

How does wireshark determine if a packet is out-of-order?

Thanks,

Folks

I saw this dump on a different forum but the real cause wasn't explained properly

I will assume the first packet seen is number 1, my concern is with packets 12, 14 and 15

10. 192.168.1.100 → 198.41.209.139: SEQ=661 – ACK=8205 [ACK] → OK
11. 198.41.209.139 → 192.168.1.100: SEQ=8205 – ACK=661 [ACK] → OK
12. 198.41.209.139 → 192.168.1.100: SEQ=12525 – ACK=661 [PSH, ACK] → Bad
13. 192.168.1.100 → 198.41.209.139: SEQ=661 – ACK=9645 [ACK] → OK
14. 198.41.209.139 → 192.168.1.100: SEQ=9645 – ACK=661 [ACK] → Bad
15. 198.41.209.139 → 192.168.1.100: SEQ=11085 – ACK=661 [ACK] → Bad

1st Concern: Looking at PKT 14 I'm not able to determine why it is out-of-order! If it came before PKT 13 like below would it be OK?

****198.41.209.139 → 192.168.1.100: SEQ=9645 – ACK=661 [ACK]
13. 192.168.1.100 → 198.41.209.139: SEQ=661 – ACK=9645 [ACK]

2nd Concern: PKT 12 is seeing that a previous TCP segment wasn't captured, is it referring to PKT 15 which came late? So if I saw it like below would it be considered OK?

11. 198.41.209.139 → 192.168.1.100: SEQ=8205 – ACK=661 [ACK]
****198.41.209.139 → 192.168.1.100: SEQ=11085 – ACK=661 [ACK]
12. 198.41.209.139 → 192.168.1.100: SEQ=12525 – ACK=661 [PSH, ACK]

How does wireshark determine if a packet is out-of-order?

Thanks,