This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capturing in two machines

0

We send a text file from on computer (windows) to another (Linux) and we captured it in each computer. Is there a difference between each capture? My friend says there is a difference but I don't see it

asked 06 Mar '17, 15:04

Martix's gravatar image

Martix
11114
accept rate: 0%

Is there a difference between each capture?

There might be depending on many factors such as offload settings, network delay, etc.

but I don't see it

We don't either.

(06 Mar '17, 16:33) Bob Jones

One Answer:

2

When you ask about differences, do you mean in the capture format or in the data itself?

As far as the data goes, there will be a few differences:

  • The time each frame was seen
  • The source and destination MAC addresses (if the two machines are not on the same LAN segment
  • There could be more, depending on the network topology between the two machines. For example, the if the connection goes through a NAT'ing device or a proxy server, then the TCP sequence numbers may be different.

If you don't see any obvious difference, have a look at the timestamps and MAC addresses. Also, make sure you set your configuration to show the actual TCP sequence numbers and not relative ones. If the two machiens are on the same LAN segment, at minimum the timestamps will differ and the source/destination MAC and IP addresses will be swapped.

answered 08 Mar '17, 06:50

ryber's gravatar image

ryber
146459
accept rate: 16%