I've noticed that packet captures using "Smart packet capture" in DCRUM are now completely reordered since we migrated to HS-Amd.
It's explainable as the processing of the packets are more parallellized and buffered for performance.
So if you ever have to analyze one of these traces, and need to correlate events based on time - then don't forget to sort your wireshark UI on the packet timestamp column (instead of the default 'No')
Well, yes that's the reality: packets collected from multiple interfaces, upon recording to a file, are not sorted by their timestamps. We only maintain packets order within each TCP session, other than that the partial, interface-sourced traces, are just concatenated.
This is done for performance reasons. In case of large packet traces the overhead required to sort the packets may be significant and we didn't want to risk extra load on the production AMD, while sorting can be done at the analysis time, offline. The consequence is a need to sort packets in the beginning of the analysis.
We will consider whether sorting could be added in the future releases.