Same host or different? How can you tell "over the wire"?

Jamie Landeg-Jones jamie at catflap.org
Sat Mar 24 17:47:59 UTC 2018


Have you thought of examining the TCP timestamp field? Not necessarily for accurate uptime, but a way to determine if the hosts are the same.

Or some of the other fingerprinting methods? nmap has options for uptime and other fingerprinting: https://nmap.org/book/osdetect-usage.html

Of course, all this assumes the hosts are connected directly without any load balancing or some sort of firewall/proxy that fiddles with the packet data...

cheers, Jamie
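
The timestamp comparison suggested above, as an added example that is not part of the original post: it fits a line to the (arrival time, TSval) pairs seen from one address and checks whether the other address's pairs fall on the same line. The sample pairs, the function names and the 5-tick tolerance are assumptions made for illustration.

```python
# Added example: do two addresses share one TCP timestamp clock?
# A sample is (arrival_time_seconds, TSval) taken from a captured segment.
WRAP = 2**32  # TSval is a 32-bit counter

def unwrap(samples):
    """Sort by time and undo 32-bit wraparound so TSval keeps increasing."""
    out, add, prev = [], 0, None
    for t, ts in sorted(samples):
        if prev is not None and prev - ts > WRAP // 2:
            add += WRAP
        out.append((t, ts + add))
        prev = ts
    return out

def fit_line(samples):
    """Least-squares fit TSval = hz * t + c. Returns (hz, c)."""
    n = len(samples)
    mt = sum(t for t, _ in samples) / n
    mv = sum(v for _, v in samples) / n
    sxx = sum((t - mt) ** 2 for t, _ in samples)
    sxy = sum((t - mt) * (v - mv) for t, v in samples)
    hz = sxy / sxx
    return hz, mv - hz * mt

def same_clock(a, b, max_ticks=5):
    """True if every sample in b lies within max_ticks of the line fitted to a."""
    if len(a) < 2 or not b:
        raise ValueError("need at least two samples from a and one from b")
    hz, c = fit_line(unwrap(a))
    for t, ts in b:
        d = (ts - round(hz * t + c)) % WRAP   # compare modulo the counter width
        if min(d, WRAP - d) > max_ticks:
            return False
    return True

# Constructed samples: A and B are two addresses on one host (1000 Hz clock,
# one tick of jitter in B); C is a different host with an unrelated counter.
IP_A = [(0.0, 500000), (2.0, 502000), (4.0, 504000), (6.0, 506000)]
IP_B = [(1.0, 501000), (3.0, 503001), (5.0, 505000)]
IP_C = [(1.0, 91235567), (3.0, 91237567)]

if __name__ == "__main__":
    print("A/B same clock:", same_clock(IP_A, IP_B))
    print("A/C same clock:", same_clock(IP_A, IP_C))
```

A negative result is weaker evidence than a positive one: a stack that adds a per-connection random offset to TSval (as current Linux does), or a middlebox that rewrites the option, makes one host look like several.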

