Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2021-04-02 23:46:25 +0000

SYN-bit gravatar image

If:

  • the packets from IP1 belong to the same UDP or TCP stream and
  • the packets from IP2 belong to the same UDP or TCP stream and
  • the packets are sent at regular intervals (like 20ms for RTP for instance)

Then you can filter on the stream delta times:

udp.time_delta > 0.025 or tcp.time_delta > 0.025

Another way would be to filter or search on the frame.number itself being odd or even in combination with the IP addresses, but then you need to know the starting conditions. If IP1 is on the odd frame.numbers and IP2 is on the even frame.numbers, then the following filter will spot packets that do not follow the pattern:

(ip.addr==<IP1>and not frame.number&1) or (ip.addr==<IP2> and frame.number&1)

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2