Sure, I can take a look.
On Mon, Aug 28, 2023 at 14:07 Brian Reichert wrote:
> On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote:
> > Personally, as long as there are no firewalls, proxies, or NATs in the way,
> > I would hash together source IP, destination IP, source port, destinati
On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote:
> Personally, as long as there are no firewalls, proxies, or NATs in the way,
> I would hash together source IP, destination IP, source port, destination
> port, and IP ID.
As I feared, ip.id doesn't work in my case. My two captures are i
On Mon, Aug 28, 2023 at 11:57:54AM -0500, chuck c wrote:
> https://github.com/corelight/community-id-spec
> "When processing flow data from a variety of monitoring applications (such
> as Zeek and Suricata), it's often desirable to pivot quickly from one
> dataset to another."
>
> A Community ID i
On Mon, Aug 28, 2023 at 08:54:39AM -0700, Josh Clark wrote:
> How controlled will the network be between the two capture locations? Are
> there any firewalls, load balancers, proxies, NATs, or anything like that?
No NAT, just evidence of latency we need to nail down.
> If none of those are the ca
https://github.com/corelight/community-id-spec
"When processing flow data from a variety of monitoring applications (such
as Zeek and Suricata), it's often desirable to pivot quickly from one
dataset to another."
A Community ID implementation for Wireshark.
https://gitlab.com/wireshark/wireshark/-
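As an added illustration of the two approaches raised in this thread (Josh's "hash the 5-tuple plus IP ID" per-packet key, and chuck's pointer to Community ID as a flow key), here is a small Python script. It is not code from this thread, from Wireshark, or from the community-id-spec project; it implements Community ID v1 from the published spec for TCP/UDP/SCTP only (the ICMP type/code mapping is left out), and the per-packet key format, the sample packet records, and the reconcile() helper are my own constructions. Addresses, ports, IP IDs and timestamps in CAP_A/CAP_B are made up.

```python
"""Flow and packet keys for reconciling two captures of one TCP session.

Added example for the wireshark-users thread; not the list's, Wireshark's,
or community-id-spec's own code. Community ID v1 follows the public spec
for TCP/UDP/SCTP; packet_key() and reconcile() are hypothetical helpers.
"""
import base64
import hashlib
import ipaddress
import struct

# IANA protocol numbers for the port-carrying protocols handled here.
PORTED_PROTOS = {6: "tcp", 17: "udp", 132: "sctp"}


def community_id(src_ip, dst_ip, proto, src_port, dst_port, seed=0):
    """Community ID v1: "1:" + base64(SHA-1(seed|addrA|addrB|proto|0|portA|portB)).

    The endpoints are ordered so that A->B and B->A hash identically: the
    lower (packed address, port) pair goes first, per the spec.
    """
    if proto not in PORTED_PROTOS:
        raise ValueError("only TCP/UDP/SCTP are handled in this example")
    a_addr = ipaddress.ip_address(src_ip).packed
    b_addr = ipaddress.ip_address(dst_ip).packed
    if len(a_addr) != len(b_addr):
        raise ValueError("address family mismatch")
    a_port, b_port = src_port, dst_port
    if (a_addr, a_port) > (b_addr, b_port):
        a_addr, b_addr = b_addr, a_addr
        a_port, b_port = b_port, a_port
    # seed (16-bit BE) | addr A | addr B | proto | pad 0x00 | port A | port B
    data = (struct.pack("!H", seed) + a_addr + b_addr
            + struct.pack("!BBHH", proto, 0, a_port, b_port))
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def packet_key(src_ip, dst_ip, proto, src_port, dst_port, ip_id):
    """Directional per-packet key (hypothetical format): SHA-256 over the
    5-tuple plus the IP ID, hex encoded.

    Only usable when both capture points see the same IP header unmodified
    (no NAT, proxy or load balancer rewriting it) and the sender does not
    zero or reuse the IP ID within the capture window.
    """
    packed = (ipaddress.ip_address(src_ip).packed
              + ipaddress.ip_address(dst_ip).packed
              + struct.pack("!BHHH", proto, src_port, dst_port, ip_id))
    return hashlib.sha256(packed).hexdigest()


def reconcile(cap_a, cap_b):
    """Pair packets seen at both capture points by packet_key.

    Returns (deltas, ambiguous, unmatched): deltas maps key -> ts_b - ts_a;
    ambiguous lists keys seen more than once on a side (e.g. IP ID reuse),
    which cannot be paired safely; unmatched lists keys seen on one side only.
    """
    def index(cap):
        idx = {}
        for p in cap:
            k = packet_key(p["src"], p["dst"], p["proto"],
                           p["sport"], p["dport"], p["ip_id"])
            idx.setdefault(k, []).append(p["ts"])
        return idx

    ia, ib = index(cap_a), index(cap_b)
    deltas, ambiguous, unmatched = {}, [], []
    for k, ts_a in ia.items():
        ts_b = ib.get(k)
        if ts_b is None:
            unmatched.append(k)
        elif len(ts_a) != 1 or len(ts_b) != 1:
            ambiguous.append(k)
        else:
            deltas[k] = ts_b[0] - ts_a[0]
    unmatched.extend(k for k in ib if k not in ia)
    return deltas, ambiguous, unmatched


# Constructed sample records: one TCP session seen at two capture points.
_FLOW = dict(src="10.0.0.5", dst="10.0.1.9", proto=6, sport=40000, dport=443)
CAP_A = [dict(_FLOW, ip_id=1001, ts=1.000),
         dict(_FLOW, ip_id=1002, ts=1.010),
         dict(_FLOW, ip_id=1003, ts=1.020)]          # 1003 never reaches B
CAP_B = [dict(_FLOW, ip_id=1001, ts=1.004),
         dict(_FLOW, ip_id=1002, ts=1.0135),
         dict(src="10.0.1.9", dst="10.0.0.5", proto=6, sport=443,
              dport=40000, ip_id=7, ts=1.030)]        # reply seen only at B

if __name__ == "__main__":
    print(community_id("10.0.0.5", "10.0.1.9", 6, 40000, 443))
    deltas, ambiguous, unmatched = reconcile(CAP_A, CAP_B)
    for k, d in deltas.items():
        print(f"{k[:12]}... delta={d * 1000:.2f} ms")
    print(f"ambiguous={len(ambiguous)} unmatched={len(unmatched)}")
```

The flow-level ID is what lets you jump between Zeek, Suricata and Wireshark views of the same session; the per-packet key is what you need for the latency question, and the ambiguous/unmatched lists are where the IP ID assumptions break down. The community-id-spec repository ships test vectors that community_id() should reproduce.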
How controlled will the network be between the two capture locations? Are
there any firewalls, load balancers, proxies, NATs, or anything like that?
If there are, then whatever correlation you do will have to factor in the
specific configuration and device characteristics.
If none of those are the
This question isn't specific to Wireshark, but I couldn't find a
good forum. By all means, I'm open to suggestions as to where it
would be more appropriate to ask about this.
Anyway:
I'm trying to automate the reconciliation of a pair of packet
captures of a TCP session.
This is sort of a combi