This question isn't specific to Wireshark, but I couldn't find a good forum. By all means, I'm open to suggestions as to where it would be more appropriate to ask about this.

Anyway: I'm trying to automate the reconciliation of a pair of packet captures of a TCP session. This is sort of a combination of:

- reconstructing a TCP 'flow' as Wireshark currently does, and
- correlating an individual packet within one capture with packet(s) in the second capture.

The overall goal is to generate some insight on network latency.

I'm very close, but not close enough. I naively thought that I could 'just' chain sets of packets by comparing absolute sequence numbers, and the respective ACK numbers. But, given the example captures I have, this is proving to be not adequate.

This is obviously an open-ended request for advice. I'd be happy for any I can get, including a 'go ask there' suggestion.

Thanks!

--
Brian Reichert <reich...@numachi.com>
BSD admin/developer at large

Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev