Quicklinks: manpage | Wireshark Docs | code
Reordercap is a simple utility that orders all packets by timestamp.
reordercap will not error with reordercap $file $file, but when you read the file, the packets will be in order but now malformed.
bash-5.0$ mkfifo myfifo
bash-5.0$ tshark -r out-of-order.pcap -w myfifo & reordercap myfifo out-of-order.pcap
[1] 3941
reordercap: The file "myfifo" is a pipe or FIFO; reordercap can't read pipe or FIFO files in two-pass mode.
For these examples, using this cloudshark file
Reorder an out of order pcap
$ reordercap http-out-of-order.pcapng inorder.pcapng
10 frames, 1 out of order
Try to reorder it again with -n
$ reordercap -n inorder.pcapng inorder2.pcapng
10 frames, 0 out of order
Not writing output file because input file is already in order.
To reorder a file in place, use a temp file
# Using a temp file
bash-5.0$ reordercap out-of-order.pcap temp
bash-5.0$ mv temp out-of-order.pcap