Hi,
I am using pcapng format to store data from my modem. Modem supports two interfaces (PPP/IP) and I am using two IDB sections in pcapng to represent this. However both interfaces have the same IP as seen from TCP and higher layers and they
don’t exist at the same time.
When I generate conversations statistics from ethereal for a particular TCP flow which started on Interface 1 and ended on Interface 2 it shows up as two separate flows in conversation statistics with same ip:port pairs. Is there a way
I can configure wireshark to recognize same connection on different Interface Ids in the pcapng files and generate conversation statistics combining the data from different interfaces?
Pavan.