hasrealtime.blogg.se

Wireshark ip id





There are many different fields in the various headers we get to examine during packet analysis; one of the most overlooked is the IP Identification field. This simple 16-bit field is displayed in hex and has a few different uses, most importantly:

  • It identifies the individual packets that the sender transmits. By reviewing the IP Identification numbers you can easily identify which packet was dropped in the conversation, by comparing the packet captures from two different capture points.
  • This field can also give us a glimpse at how busy the end-devices are. The IP Identification field will increase by ‘1’ for every packet from the sender. Remember the IP ID value is specific to each individual sender and not to a specific conversation. If we are following a specific conversation we may see consecutive IP ID #’s or we could see large jumps in the IP ID # intervals. Depending on the numbers this could tell us if the end-devices could be overloaded or under-utilized, and depending on the situation that could point us to a smoking gun.
  • If the packets get fragmented they will have the same IP ID number, and the Fragment Offset field will also be set.
  • This is helpful in following a conversation over particular link changes.
  • Seeing the same IP ID #’s in the same packet capture could also identify switching or routing loops within our network. The IP ID #’s will always increase, so seeing duplicate numbers means we are seeing the same packet more than once. The first thing you want to do is verify your capture point is functioning properly and make sure your capture point is in the right spot. Once you have verified that, it’s time to go hunting for the loop.

By reviewing the IP ID numbers of the packets what can we tell about this conversation with ?

  • All the IP ID #’s are unique, no routing/switching loops.
  • The IP ID #’s are pretty consecutive on both sides of the conversation, showing both endpoints are not being highly utilized at this point in time. In fact there are one or two gaps on the 192.168.1.4 side of the conversation, showing that endpoint is a little busier than 162.159.241.
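The checks described here (duplicate IP IDs versus fragments, and gaps in a sender's IP ID sequence) can be scripted over exported packet fields. The following is an added example, not code from the original post: the `analyze` function and the sample rows are constructed for illustration, and it assumes, as the text does, a sender that increments its IP ID by 1 per packet.

```python
from collections import defaultdict

# Constructed sample rows (not taken from the capture discussed on this page):
# (source IP, IP ID, fragment offset)
SAMPLE = [
    ("192.168.1.4", 0x1A2B, 0),
    ("192.168.1.4", 0x1A2C, 0),
    ("192.168.1.4", 0x1A2F, 0),    # jump of 3: two packets went elsewhere
    ("10.0.0.9",    0xFFFF, 0),
    ("10.0.0.9",    0x0000, 0),    # 16-bit wrap, still consecutive
    ("10.0.0.9",    0x0001, 0),    # first fragment
    ("10.0.0.9",    0x0001, 185),  # second fragment: same ID, new offset
    ("10.0.0.9",    0x0002, 0),
    ("10.0.0.9",    0x0002, 0),    # same ID and offset again: duplicate
]

def analyze(rows):
    """Return (duplicates, gaps) for a list of (src, ip_id, frag_offset) rows.

    duplicates: (src, ip_id) seen twice with the same fragment offset, which
                means the same packet was captured more than once.
    gaps:       per sender, (previous_id, current_id, missing_count) for every
                jump larger than 1, using 16-bit wraparound arithmetic.
    """
    seen = set()      # long captures should age this out: IDs repeat after 65536
    last_id = {}
    duplicates = []
    gaps = defaultdict(list)
    for src, ip_id, offset in rows:
        key = (src, ip_id, offset)
        if key in seen:
            duplicates.append((src, ip_id))
            continue
        seen.add(key)
        # Fragments share the ID of the previous packet, so skip the gap check.
        if src in last_id and ip_id != last_id[src]:
            step = (ip_id - last_id[src]) % 0x10000
            if step > 1:
                gaps[src].append((last_id[src], ip_id, step - 1))
        last_id[src] = ip_id
    return duplicates, dict(gaps)

if __name__ == "__main__":
    dups, gaps = analyze(SAMPLE)
    for src, ip_id in dups:
        print(f"duplicate packet from {src}: IP ID 0x{ip_id:04x}")
    for src, jumps in gaps.items():
        for prev, cur, missing in jumps:
            print(f"{src}: 0x{prev:04x} -> 0x{cur:04x}, {missing} IDs used elsewhere")
```

A flagged duplicate is only a starting point: confirm the capture point is not mirroring the same traffic twice before treating it as a loop.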






