On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote: > Personally, as long as there are no firewalls, proxies, or NATs in the way, > I would hash together source IP, destination IP, source port, destination > port, and IP ID.
As I feared, ip.id doesn't work in my case. My two captures are in different networks, using a local client, and the remote server. As packets traverse these networks, the IDs seem to change. I guess the equivalent of NAT is in play. This also means the 'community-id' flow identified doesn't work well for me, for similar reasons. Is there a way I could share a pair of small captures with you? (ten or so packets each); maybe there are some details within that you may see I can use to associate these together. > Regards, > > Josh Clark -- Brian Reichert <reich...@numachi.com> BSD admin/developer at large ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
