Wireshark mailing list archives

Re: match packets at sender and receiver

From: Kevin Cullimore <kcullimo () runbox com>
Date: Tue, 06 Apr 2010 03:03:39 -0400

On 4/5/2010 11:10 PM, Andrej van der Zee wrote:

Hi,

I was wondering if it is possible to match packets at the sender and
receiver end of the connection. Suppose I have two cap-files for the
same period between hosts A and B that communicate with each other,
can I match packets that are send from A to B, as the packets are
sniffed at both sides of the line?

It partially depends upon the nature of the traffic. Simple cases 
wherein the data is encapsulated via tcp AND ip allow you to infer which 
interface sent the traffic and additionally allow you to infer 
temporality-tracking differences between hosts by matching up timestamps 
and sequence numbers. Other packet-formatting combinations may provide 
fewer data-points for you to utilize while engaging in the measurement 
exercises you indicated interest in.  I'd be interested to hear if 
anyone's successfully made use of protocol-independent techniques.

One of the problems I am trying to solve is to detect time differences
between the two hosts, preferably on a per-second basis in case of
possible clock skews. I thought maybe I could compare the timestamps
at host A and B for the same packets, as a starting point.

Any help would be appreciated.

Thank you,
Andrej
___________________________________________________________________________
Sent via:    Wireshark-users mailing list<wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
              mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

match packets at sender and receiver Andrej van der Zee (Apr 05)
- Re: match packets at sender and receiver Kevin Cullimore (Apr 06)
  - Re: match packets at sender and receiver Andrej van der Zee (Apr 06)
- Re: match packets at sender and receiver Ian Schorr (Apr 06)
  - Re: match packets at sender and receiver Andrej van der Zee (Apr 06)
    - Re: match packets at sender and receiver bart sikkes (Apr 06)
    - Re: match packets at sender and receiver Ian Schorr (Apr 06)
    - Re: match packets at sender and receiver Andrej van der Zee (Apr 06)
    - Re: match packets at sender and receiver Andrej van der Zee (Apr 20)
    - Re: match packets at sender and receiver Andrej van der Zee (Apr 20)
- Re: match packets at sender and receiver Boonie (Apr 06)
  - Re: match packets at sender and receiver Andrej van der Zee (Apr 06)

(Thread continues...)