BruteShark

can't recognize " Tcp out-of-order"

Open qq1176914912 opened this issue 3 years ago • 4 comments

gov.cn_SSL过滤.zip In the pcap file, No. 338, Wireshark shows "Tcp out-of-order" and BruteShark can't recognize it.

qq1176914912 avatar Jul 05 '21 07:07 qq1176914912

Hi @qq1176914912, I processed the above file in both BruteShark and Wireshark. The results are similar: there is only one TCP session in the file, which is extracted just fine. Please explain to me exactly what problem you experienced. Oded

odedshimon avatar Jul 13 '21 21:07 odedshimon

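Hi @qq1176914912, I processed the above file on BruteShark and Wireshark. The results are similar - only one TCP session in the file was extracted well. Please explain to me exactly what problem you encountered. Oded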


qq1176914912 avatar Jul 15 '21 09:07 qq1176914912

Hi @qq1176914912 again. I have translated your message and I understood that you find it weird that it worked, so I took another look at the file (For general information - I do not read Chinese).

I have found that the processing has failed since the file name contains Chinese characters. When I rename the file to English letters only, the problem does not exist (I did that last time before I even started analyzing the file and therefore did not recognize the problem).

I recommend that you load files that are in paths with English letters only, until I check whether a solution to the problem can be implemented.


odedshimon avatar Aug 07 '21 21:08 odedshimon

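Hi @qq1176914912. I have translated your message, and I understand that you find it strange that it works, so I looked at the file again (for general information - I do not understand Chinese).

I found that processing failed because the file name contains Chinese characters. When I renamed the file to English letters only, the problem did not exist (last time I did this before I even started analyzing the file, so I did not identify the problem).

I suggest that you load files from paths that contain only English letters, until I check whether a solution to the problem can be implemented.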


The problem I encountered is that when the session gets out of order, that is, the tcpSession in the code method, the data is out of order, and the session data behind the out of order cannot be analyzed correctly. The reason is that the out of order cannot be identified.

qq1176914912 avatar Aug 24 '21 01:08 qq1176914912
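
The failure mode described in the last comment, shown on constructed data: this is an added example, not BruteShark's code and not taken from the pcap attached to this issue. It contrasts concatenating payloads in capture order with ordering them by TCP sequence number; all names (`sample_capture`, `naive_stream`, `reassemble`, `START`) and the sample segments are hypothetical.

```python
SEQ_MOD = 1 << 32     # TCP sequence numbers wrap at 2**32
START = 0xFFFFFFF0    # constructed sequence number of the first data byte (forces a wrap)


def sample_capture():
    """Constructed (seq, payload) pairs in arrival order: 1, 3, 2, then 2 retransmitted."""
    parts = [
        b"GET / HTTP/1.1\r\nHost: example.test\r\n",
        b"Authorization: Basic dXNlcjpwYXNz\r\n",   # base64 of "user:pass"
        b"\r\n",
    ]
    segs, seq = [], START
    for payload in parts:
        segs.append((seq, payload))
        seq = (seq + len(payload)) % SEQ_MOD
    return [segs[0], segs[2], segs[1], segs[1]]


def naive_stream(segments):
    """Concatenate payloads in capture order; wrong once a segment arrives late."""
    return b"".join(payload for _seq, payload in segments)


def reassemble(start, segments):
    """Return (stream, complete) for one direction of a TCP session.

    Segments are ordered by their wrap-safe distance from `start`, so late
    arrivals land in the right place and retransmitted bytes are dropped.
    `complete` is False when a gap (segment missing from the capture) is hit.
    Assumes every segment starts at or after `start`.
    """
    stream = bytearray()
    ordered = sorted(segments, key=lambda s: (s[0] - start) % SEQ_MOD)
    for seq, payload in ordered:
        offset = (seq - start) % SEQ_MOD
        if offset > len(stream):
            return bytes(stream), False          # gap: stop instead of guessing
        stream += payload[len(stream) - offset:]  # skip bytes already delivered
    return bytes(stream), True


if __name__ == "__main__":
    capture = sample_capture()
    print("capture order :", naive_stream(capture))
    print("sequence order:", reassemble(START, capture))
```
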