0

enter image description here

Given image i'm not able to identify which is source and destination ip address ( client or server). From STUN protocol 1st packet it's user request so i thought 131.202.240.150 is client ip address. From DTLS 5th packet Client hello i thought 131.202.240.87 is client ip address. Which one is correct and why?

David Roonie
  • 3
  • 2
  • What do you mean by "client" and "server"? – Michael Hampton Jul 11 '21 at 14:14
  • client here means the host who is requesting service(my machine ). – David Roonie Jul 11 '21 at 18:40
  • You already know who the server is! So why do you not know who the client is? – Michael Hampton Jul 11 '21 at 18:41
  • this is taken from opensource dataset and captured on the computer whoever took this captures. Now i want to know his ip address through dtls, stun protocol. The client and server were both in same network. But i want to know the ip address of computer on which this captures are taken. – David Roonie Jul 11 '21 at 18:44
  • It is not possible to know that by looking at the capture. It may be neither of them. You will have to ask whoever made the capture. – Michael Hampton Jul 11 '21 at 18:47
  • Why not. client and server can easily be distinguised if it was Tcp protocol by SYN flag. why can't through dtls, stun both have some features over it. – David Roonie Jul 11 '21 at 18:48
  • You keep asking completely different questions! Please take a moment to think about what it is you actually want to know. – Michael Hampton Jul 11 '21 at 18:49
  • no my question remains same to get client and server ip addresses from given capture. client is who requests first something. if the capture was tcp. then syn flag denotes the request sent by client to make a connection. then the source (client) can be easily identified. Similarly i am asking to distinguish client , server based on those dtls, stun protocols. Client can be simply defined as who initiates request. Kindly see the image shared through link – David Roonie Jul 11 '21 at 18:52
  • It is completely obvious from the image which host initiated the DTLS traffic, so I'm not sure why you asked this question at all. – Michael Hampton Jul 11 '21 at 18:56
  • from STUN protocol i can see the other host initiated the stun traffic. – David Roonie Jul 12 '21 at 03:43
  • Hmm. You seem to be assuming that this capture is _complete_, and that is not a safe assumption. There may have been traffic that took place prior to starting the capture. And the STUN traffic doesn't matter anyway. – Michael Hampton Jul 12 '21 at 10:18

0 Answers0