Solved: Track a packet in source & destination end sniffer captures

samarjitdas · ‎09-01-2011

Hi

I have taken sniffer capture at both ends(source & destination) of communication but how can I track a single packet from both sides of capture. Is there any unique # tagged into the packet from which it can be identified that this is the packet reaching the destination side capture which was sent by source.

Regards,

Samarjit Das

Cesar Roque · ‎09-01-2011

Hi Samarjit,

Try with the IP Identification

Cesar R

--------------------- Cesar R ANS Team

View solution in original post

Ahmad Basel Jaber · ‎09-01-2011

Agree with Cesar, IP ID should not be changed by any intermidiate network device, the wireshark filter is

ip.id == 0x6b04, where 0x6b04 is the packet ID, you can find it under Layer 3 header.

View solution in original post

Collin Clark · ‎09-01-2011

There is. Look at the TCP Sequence #.

samarjitdas · ‎09-01-2011

I believe wireshark converts all real Seq # and ACK Numbers of packet into relative numbers.Instead of displaying the real seq and Ack # in the display, Wireshark will display a seq and ack number relative to the first seen segment for that conversation. Hence always seq & ack # starts with 0.

If sniffer trace at both ends of conversation started and there would be a slight gap of start time in both ends, there won't have any option to find out how a packet will be represented in destination end.

Cesar Roque · ‎09-01-2011