On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote:
> Personally, as long as there are no firewalls, proxies, or NATs in the way,
> I would hash together source IP, destination IP, source port, destination
> port, and IP ID.
As I feared, ip.id doesn't work in my case. My two captures are in
different networks, using a local client, and the remote server. As
packets traverse these networks, the IDs seem to change. I guess
the equivalent of NAT is in play.
This also means the 'community-id' flow identified doesn't work
well for me, for similar reasons.
Is there a way I could share a pair of small captures with you?
(ten or so packets each); maybe there are some details within that
you may see I can use to associate these together.
> Regards,
>
> Josh Clark
--
Brian Reichert <reichert@xxxxxxxxxxx>
BSD admin/developer at large