Re: Track a packet in source & destination end sniffer captures

[Sake Blok <sake () euronet nl>]

On 1 sep 2011, at 11:14, samarjit das wrote:

> I have taken sniffer capture at both ends(source & destination) of communication but how can I track a single packet 
> at both sides of capture. Is there any unique #  tagged into the packet from which it can be identified that this is 
> the packet reaching the destination side capture which was sent by source.

That depends on the devices that are in the path. Is there NAT being done or loadbalancing or maybe a firewall with 
some sanitization?

Things you might be able to match packets by:

- src-ip,dst-ip,tcp-srcport,tcp-dstport,tcp-sequence tuple (of course a quick search on the tcp sequence number also 
works most of the times)
- src-ip,dst-ip,ip-id tuple (a search on ip-id will also work, but might give you quite a few false positives as it is 
a 16-bit value)
- Some part of the payload data maybe good to search for

The right-click option "copy as filter" comes in handy in these cases, combined with "Find packet (the display filter 
option)"

Good luck,
Cheers,

Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe