Wireshark-dev: Re: [Wireshark-dev] seeking advice on how to reconcile two packet captures

From: Josh Clark <josh@xxxxxxxxxxxx>
Date: Mon, 28 Aug 2023 17:06:40 -0700
Sure, I can take a look.

On Mon, Aug 28, 2023 at 14:07 Brian Reichert <reichert@xxxxxxxxxxx> wrote:
On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote:
> Personally, as long as there are no firewalls, proxies, or NATs in the way,
> I would hash together source IP, destination IP, source port, destination
> port, and IP ID.

As I feared, ip.id doesn't work in my case. My two captures are in
different networks, using a local client, and the remote server.  As
packets traverse these networks, the IDs seem to change. I guess
the equivalent of NAT is in play.

This also means the 'community-id' flow identifier doesn't work
well for me, for similar reasons.

Is there a way I could share a pair of small captures with you?
(ten or so packets each); maybe there are some details within that
you may see I can use to associate these together.

> Regards,
>
> Josh Clark

--
Brian Reichert                          <reichert@xxxxxxxxxxx>
BSD admin/developer at large   
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
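Worked example (added here; it is not part of the original thread and not Wireshark's own code). The script below shows, on constructed sample data, why both keys discussed above break when a NAT sits between the two capture points, and one key that survives it: the 5-tuple plus ip.id from Josh's suggestion fails because the NAT rewrites the client address, port and IP ID; the Community ID fails because it is built from the same rewritten 5-tuple; a key built from fields the NAT does not touch (IP protocol, raw TCP sequence and acknowledgement numbers, and a hash of the TCP payload) still pairs the packets. The packet records are made-up values shaped like tshark -T fields output (the field names ip.src, ip.id, tcp.seq_raw, tcp.payload and so on are real tshark fields; the values are invented). community_id() follows the published Community ID v1 byte layout for TCP/UDP; nat_invariant_key() is this example's own proposal, not something from the thread.

```python
import base64
import hashlib
import socket
import struct

# Constructed sample data: three segments of one client->server TCP
# connection as seen at the client (capture A) and at the server after a
# NAT rewrote the client address, source port and IP ID (capture B).
# Capture B also carries one unrelated segment from another client.
_SERVER = "203.0.113.5"


def _seg(src, sport, dst, dport, ip_id, seq, ack, payload_hex):
    return {"ip.src": src, "ip.dst": dst, "ip.proto": 6, "ip.id": ip_id,
            "tcp.srcport": sport, "tcp.dstport": dport,
            "tcp.seq_raw": seq, "tcp.ack_raw": ack, "tcp.payload": payload_hex}


CAPTURE_A = [  # pre-NAT, client 192.168.1.10:51234
    _seg("192.168.1.10", 51234, _SERVER, 443, 0x1a2b, 1000, 5000, "1603010200"),
    _seg("192.168.1.10", 51234, _SERVER, 443, 0x1a2c, 1005, 5200, ""),  # bare ACK
    _seg("192.168.1.10", 51234, _SERVER, 443, 0x1a2d, 1005, 5200, "1703030020"),
]
CAPTURE_B = [  # post-NAT, the same client now appears as 198.51.100.7:40012
    _seg("198.51.100.7", 40012, _SERVER, 443, 0x7f01, 1000, 5000, "1603010200"),
    _seg("198.51.100.7", 40012, _SERVER, 443, 0x7f02, 1005, 5200, ""),
    _seg("198.51.100.7", 40012, _SERVER, 443, 0x7f03, 1005, 5200, "1703030020"),
    _seg("198.51.100.9", 40777, _SERVER, 443, 0x0c44, 9000, 7000, "1603010200"),
]


def naive_key(pkt):
    """5-tuple plus IP ID: only valid when nothing rewrites headers en route."""
    return (pkt["ip.src"], pkt["ip.dst"], pkt["tcp.srcport"],
            pkt["tcp.dstport"], pkt["ip.id"])


def community_id(pkt, seed=0):
    """Community ID v1 for TCP/UDP: direction-independent, but NAT-sensitive
    because it hashes the addresses and ports the NAT rewrites."""
    saddr, daddr = socket.inet_aton(pkt["ip.src"]), socket.inet_aton(pkt["ip.dst"])
    sport, dport = pkt["tcp.srcport"], pkt["tcp.dstport"]
    if not (saddr < daddr or (saddr == daddr and sport < dport)):
        saddr, daddr, sport, dport = daddr, saddr, dport, sport  # canonical order
    data = (struct.pack("!H", seed) + saddr + daddr
            + struct.pack("!BBHH", pkt["ip.proto"], 0, sport, dport))
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode()


def nat_invariant_key(pkt):
    """Fields a plain address/port NAT leaves alone.  seq/ack separate
    segments that carry the same (or no) payload; the payload hash separates
    segments that share seq/ack, such as a bare ACK followed by data."""
    payload = bytes.fromhex(pkt["tcp.payload"])
    return (pkt["ip.proto"], pkt["tcp.seq_raw"], pkt["tcp.ack_raw"],
            hashlib.sha256(payload).hexdigest())


def correlate(cap_a, cap_b, keyfunc):
    """Pair each packet of cap_a with the first still-unmatched packet of
    cap_b having the same key.  Returns a list of (index_a, index_b)."""
    pending = {}
    for j, pkt in enumerate(cap_b):
        pending.setdefault(keyfunc(pkt), []).append(j)
    pairs = []
    for i, pkt in enumerate(cap_a):
        candidates = pending.get(keyfunc(pkt))
        if candidates:
            pairs.append((i, candidates.pop(0)))
    return pairs


if __name__ == "__main__":
    for name, fn in (("5-tuple+ip.id", naive_key),
                     ("community-id", community_id),
                     ("nat-invariant", nat_invariant_key)):
        print(f"{name:14s} matched pairs: {correlate(CAPTURE_A, CAPTURE_B, fn)}")
```

Two caveats on the invariant key: a firewall that randomizes TCP initial sequence numbers rewrites tcp.seq_raw and tcp.ack_raw, in which case only the payload hash (plus packet order within the stream) survives; and bare ACKs with identical seq/ack and no payload are indistinguishable by content alone, so they have to be paired by position once the data-carrying segments around them are matched.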