Wireshark · Wireshark-users: [Wireshark-users] Simultaneous Captures

Wireshark-users: [Wireshark-users] Simultaneous Captures - Matching Packets

From: "Samson Martinez" <samson@xxxxxxxxxx>

Date: Thu, 23 Apr 2009 14:10:58 -0500

Hello All,

Brand-new subscriber to this user-list – long time user of Wireshark. I’ve been trying to determine the easiest method for matching up packets that have been simultaneously captured on two systems and I thought, it appears erroneously, that all the info in the packets would match, including sequence numbers, etc.

For example, I took simultaneous captures on two separate servers (Solaris servers using snoop) and then loaded both files into Wireshark to compare. I used the timestamps & IP Identification field to match up packets. However, the sequence numbers don’t match up. Is this normal?

Thanks!

-Samson

Follow-Ups:
- Re: [Wireshark-users] Simultaneous Captures - Matching Packets
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] Filter for Unanswered SYN's
Next by Date: [Wireshark-users] code to extract only the length of captured packets
Previous by thread: [Wireshark-users] TCP SYN Filter
Next by thread: Re: [Wireshark-users] Simultaneous Captures - Matching Packets
Index(es):
- Date
- Thread