Hi,
Who knows what the current status of the SCTP statistics is? I’ve tried a few
files, but couldn’t make sense of it. It looked like information was missing or
not filled at all.
Thanks,
Jaap
This question isn't specific to Wireshark, but I couldn't find a
good forum. By all means, I'm open to suggestions as to where it
would be more appropriate to ask about this.
Anyway:
I'm trying to automate the reconciliation of a pair of packet
captures of a TCP session.
This is sort of a combi
How controlled will the network be between the two capture locations? Are
there any firewalls, load balancers, proxies, NATs, or anything like that?
If there are, then whatever correlation you do will have to factor in the
specific configuration and device characteristics.
If none of those are the
https://github.com/corelight/community-id-spec
"When processing flow data from a variety of monitoring applications (such
as Zeek and Suricata), it's often desirable to pivot quickly from one
dataset to another."
A Community ID implementation for Wireshark.
https://gitlab.com/wireshark/wireshark/-
On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote:
> How controlled will the network be between the two capture locations? Are
> there any firewalls, load balancers, proxies, NATs, or anything like that?
No NAT, just evidence of latency we need to nail down.
> If none of those are the ca
On Mon, Aug 28, 2023 at 11:57:54AM -0500, chuck c wrote:
> https://github.com/corelight/community-id-spec
> "When processing flow data from a variety of monitoring applications (such
> as Zeek and Suricata), it's often desirable to pivot quickly from one
> dataset to another."
>
> A Community ID i
On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote:
> Personally, as long as there are no firewalls, proxies, or NATs in the way,
> I would hash together source IP, destination IP, source port, destination
> port, and IP ID.
As I feared, ip.id doesn't work in my case. My two captures are i
The statistics mentioned here?
https://gitlab.com/wireshark/wireshark/-/issues/16367
The comments there suggest that the Enable Association Indexing preference
has to be on for the SCTP stats to work.
John
On Mon, Aug 28, 2023, 10:19 AM Jaap Keuter wrote:
> Hi,
>
> Who knows what the current
Sure, I can take a look.
On Mon, Aug 28, 2023 at 14:07 Brian Reichert wrote:
> On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote:
> > Personally, as long as there are no firewalls, proxies, or NATs in the way,
> > I would hash together source IP, destination IP, source port, destinati