Subject says it all. I am tracking some weird traffic, one of the characteristics is that all packets from several different sources have the same IP ID. I have been capturing samples using tcpdump and I am now going back through my archived data to see when this started. Having the ID would help positively identify the traffic. Cheers, Russell