Wireshark-users: Re: [Wireshark-users] Simultaneous Captures - Matching Packets

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 24 Apr 2009 09:50:10 -0700

On Apr 23, 2009, at 12:10 PM, Samson Martinez wrote:

> Brand-new subscriber to this user-list – long time user of Wireshark. I’ve been trying to determine the easiest method for matching up packets that have been simultaneously captured on two systems and I thought, it appears erroneously, that all the info in the packets would match, including sequence numbers, etc.
>
> For example, I took simultaneous captures on two separate servers (Solaris servers using snoop) and then loaded both files into Wireshark to compare. I used the timestamps & IP Identification field to match up packets. However, the sequence numbers don’t match up. Is this normal?

By "sequence numbers" are you referring to TCP sequence numbers, the numbers in the "No." column in the display, or some other sequence numbers?