I am trying to sniff a session between a server on an "inside" segement and a server on a "DMZ" segment. The server on the inside is being NAT translated to the same address on the DMZ like so:
static (inside,DMZ) 10.1.1.1 10.1.1.1 netmask 255.255.255.255 0 0
The problem I am having is comparing the sniffer capture on the inside server to the one on the DMZ server because I think the TCP sequence numbers are being altered. The TCP port numbers appear to be maintained.
Does the PIX alter the TCP sequence numbers? If so does it do so in a predicatble manner?
Also can someone point me to documentation on this behavior?