My Q: On my first overall use I chose to view tcp vs http. Wondering what this might mean:

It says: Who has (xyz IP address)? tell (my IP address)
Source: dellpcba_f5:75:85 - destination: broadcast - protocol: ARP

second: Source: Cisco_eb:db:dd - DellPcba_f5:75:85 - Protocol: ARP
Then it says: xyz IP address is @ 00:14:f1:eb:db:dd

Thank you.

asked 24 Nov '10, 09:47 valioop
edited 24 Nov '10, 10:00
One Answer:
This is an ARP Request and an ARP response, which basically means that the Dell PC is looking for the Ethernet MAC address of a Cisco Router, which probably is the default gateway. Even though the Dell PC is communicating from its own IP to the target IP (on OSI layer 3), the actual frame needs to be transported by Layer 2 (Ethernet in this case), and for that the Dell PC asks for the Ethernet MAC to be able to send the packet. It is sort of a "name resolution" between layer 2 and 3.

answered 24 Nov '10, 11:07 Jasper ♦♦

Gotcha! :) (24 Nov '10, 11:54) valioop
Check out some of the free Wireshark training courses we offer over at chappellseminars.com. There are also some practice trace files and videos over at wiresharkbook.com.
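
The ARP request and reply described in the answer above, decoded from raw bytes, as an added example that is not part of the original thread. The router MAC is the one shown in the question; the PC's MAC prefix and both IP addresses are constructed placeholders, since the page does not give them.

```python
import socket
import struct

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")   # RFC 826 layout for Ethernet/IPv4
ETHERTYPE_ARP = 0x0806

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, sha, spa, tha, tpa, eth_dst):
    """Build an Ethernet frame carrying an ARP request (op=1) or reply (op=2)."""
    body = ARP_BODY.pack(1, 0x0800, 6, 4, op, sha, socket.inet_aton(spa),
                         tha, socket.inet_aton(tpa))
    return ETH_HDR.pack(eth_dst, sha, ETHERTYPE_ARP) + body

def summarize(frame):
    """Return the Info text Wireshark shows for an Ethernet/IPv4 ARP frame."""
    if len(frame) < ETH_HDR.size + ARP_BODY.size:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, _src, etype = ETH_HDR.unpack_from(frame, 0)
    if etype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    fields = ARP_BODY.unpack_from(frame, ETH_HDR.size)
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = fields
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    spa, tpa = socket.inet_ntoa(spa), socket.inet_ntoa(tpa)
    if op == 1:                               # request: sender asks for target's MAC
        return f"Who has {tpa}? Tell {spa}"
    if op == 2:                               # reply: sender announces its own MAC
        return f"{spa} is at {mac(sha)}"
    raise ValueError(f"unsupported ARP opcode {op}")

# Constructed sample frames (not captured traffic).
PC_MAC = bytes.fromhex("020000f57585")        # constructed prefix; page shows only f5:75:85
ROUTER_MAC = bytes.fromhex("0014f1ebdbdd")    # MAC quoted in the question
PC_IP, ROUTER_IP = "192.0.2.10", "192.0.2.1"  # constructed documentation addresses
BROADCAST = b"\xff" * 6
REQUEST = build_arp(1, PC_MAC, PC_IP, b"\x00" * 6, ROUTER_IP, BROADCAST)
REPLY = build_arp(2, ROUTER_MAC, ROUTER_IP, PC_MAC, PC_IP, PC_MAC)

if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        print(summarize(frame))
```

The request goes to the broadcast address with the target MAC field zeroed because the PC does not know it yet; the reply is unicast back to the PC and carries the router's MAC in the sender hardware address field.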