Hi
No NAT being done, neither loadbalancing&firewall in the path.
On Thu, Sep 1, 2011 at 3:15 PM, Sake Blok
<sake@xxxxxxxxxx> wrote:
On 1 sep 2011, at 11:14, samarjit das wrote:
> I have taken sniffer capture at both ends(source & destination) of communication but how can I track a single packet at both sides of capture. Is there any unique # tagged into the packet from which it can be identified that this is the packet reaching the destination side capture which was sent by source.
That depends on the devices that are in the path. Is there NAT being done or loadbalancing or maybe a firewall with some sanitization?
Things you might be able to match packets by:
- src-ip,dst-ip,tcp-srcport,tcp-dstport,tcp-sequence tuple (of course a quick search on the tcp sequence number also works most of the times)
- src-ip,dst-ip,ip-id tuple (a search on ip-id will also work, but might give you quite a few false positives as it is a 16-bit value)
- Some part of the payload data maybe good to search for
The right-click option "copy as filter" comes in handy in these cases, combined with "Find packet (the display filter option)"
Good luck,
Cheers,
Sake