TCP out-of-order packet events

Another phenomenon that you will see in networks is previous segment loss and out-of-order segments. Both relate to packets arriving out of order, and in some cases indicate a problem.

When you see this on a network connection, it might happen due to network problems or an interruption in capture. In this recipe we will focus on this issue and what it can cause.

Getting ready

Start Wireshark and connect it on a mirrored port. The three phenomena that we want to focus on in this recipe are:

Previous segment lost: This occurs when a packet arrives with a sequence number higher than the next expected sequence number on that connection, indicating that one or more packets prior to the flagged packet did not arrive
Out-of-order ...

Get Network Analysis Using Wireshark Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Network Analysis Using Wireshark Cookbook by Yoram Orzach

TCP out-of-order packet events

Getting ready

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly