Does Follow -> UDP Stream work correctly?

I have a pcap file that has DNS records. I want to separate the different DNS flows from each other. I right click on each record and then Follow -> UDP Stream. By doing this Wireshark shows the stream (flow) that this record is in. But I think the streams that Wireshark shows me are incorrect. I think that in a flow the source address, destination address, source port and destination port of the packets should be the same, and also the times of those packets should be near to each other (I mean that those packets should be next to each other in Wireshark). Is this true? But in Wireshark this happens: packets from time 0.000 to time 2.3056 and also the packets from time 2056.890 to time 2058.032 are in the same stream (flow)!!!! I think it is not correct because there are a lot of DNS records between time 2.3056 and 2056.890 that this host transmitted and received. So I think DNS records from time 0.000 to time 2.3056 and DNS records from time 2056.890 to time 2058.032 cannot be in the same stream (flow). Please help me.
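Wireshark's Follow UDP Stream groups packets into one conversation per pair of address/port endpoints, in both directions, with no time-based split; a "flow" that also ends after an idle gap has to be computed separately. The script below is an added example, not code from the question or from Wireshark: it builds both groupings over a constructed packet list that mirrors the timestamps in the question (the addresses, ports and the 60 s idle timeout are assumptions).

```python
from collections import defaultdict

# Constructed sample DNS packets: (time_s, src_ip, src_port, dst_ip, dst_port).
# Client 192.0.2.10 queries resolver 198.51.100.53 from two ephemeral ports.
PACKETS = [
    (0.000,    "192.0.2.10",    34567, "198.51.100.53", 53),     # query
    (0.012,    "198.51.100.53", 53,    "192.0.2.10",    34567),  # reply
    (2.3056,   "192.0.2.10",    34567, "198.51.100.53", 53),
    (100.000,  "192.0.2.10",    40001, "198.51.100.53", 53),     # other port
    (100.015,  "198.51.100.53", 53,    "192.0.2.10",    40001),
    (2056.890, "192.0.2.10",    34567, "198.51.100.53", 53),     # same ports, much later
    (2058.032, "198.51.100.53", 53,    "192.0.2.10",    34567),
]


def conversation_key(src, sport, dst, dport):
    """Direction-independent key: query and reply land in the same stream."""
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)


def group_streams(packets):
    """Wireshark-style UDP streams: one per endpoint pair, regardless of time gaps."""
    streams = defaultdict(list)
    for pkt in packets:
        _, src, sport, dst, dport = pkt
        streams[conversation_key(src, sport, dst, dport)].append(pkt)
    return dict(streams)


def split_by_idle(stream, idle_timeout):
    """Cut one stream into flows wherever consecutive packets are more than idle_timeout apart."""
    flows, current, last_t = [], [], None
    for pkt in sorted(stream, key=lambda p: p[0]):
        if last_t is not None and pkt[0] - last_t > idle_timeout:
            flows.append(current)
            current = []
        current.append(pkt)
        last_t = pkt[0]
    if current:
        flows.append(current)
    return flows


def group_flows(packets, idle_timeout=60.0):
    """Endpoint-pair streams further split by idle gap (assumed 60 s default)."""
    return {k: split_by_idle(s, idle_timeout) for k, s in group_streams(packets).items()}


if __name__ == "__main__":
    for key, flows in group_flows(PACKETS).items():
        print(key, "->", [[p[0] for p in f] for f in flows])
```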