Issue
Packets from the EBO onboard packet capture utility are not ordered correctly. In the example below it can be seen that the sequence number of the ACK comes before the REQ despite the timestamp for the ACK being later than the REQ.
Product Line
EcoStruxure Building Operation
Environment
- Building Operation Workstation
- SpaceLogic Server
Cause
Out-of-order packets are quite normal on a TCP level. Earlier packets can arrive later due to buffering and other reasons. Applications are able to buffer these messages and rearrange them before they are written to the application.
Since the standard Wireshark pcap utility that EBO uses to capture packets does not sort packets in a batch by time stamp before delivering them to the capture file it is subject to the same irregularities that we would see on any OS.
Resolution
This is a common enough issue that Wireshark includes a command line utility named reordercap that can fix packets that can't have been on the network in that order (like an answer being sent before you see the request for it).
In the example below the utility has run through a capture and reordered items and saved the file as a new file.
See the Wireshark reordercap help topic for further information on this utility.
