I have two traces one on the server and one of the client; there is no fragmentation involved.In this case is it a good idea to filter using ip.id field capture lost packets. asked 12 May '15, 14:40  Ravneet |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Is there a router or firewall involved in this connection?
yes there is a firewall involved; actually its an ipsec tunnel between the two.
If the original IP header is preserved and not modified (especially the IP ID) then most likely, it could be used to synchronize the traces.
If not, you can disable the "use relative sequence numbers" in the TCP protocol to temporarily find the related TCP streams, and then go from there.