Understanding the difference between client and source in packetbeat

I'm new to packetbeat and I just got it up and working. When I queried for some data, I noticed situations where the client.geo.country_iso_code field did not the same information as the source.geo.country_iso_code field. See this screenshot below:

I don't think I have a good grasp of what the difference is between client and source after reading the documentation:

My current grasp of the situation is that the client initiates the network connection and the source sends the data over a protocol. But why would the client and sender ever be two different things?

And likewise, why would the destination and host ever be different from each other?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.