This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

VERY Novice User - Question

0

My Q:

On my first overall use I chose to view tcp vs http. Wondering what this might mean:

It says: Who has (xyz IP address)? tell (my IP address)

Source: dellpcba_f5:75:85 - destination: broadcast - protocol: ARP

second: Source: Cisco_eb:db:dd - DellPcba_f5:75:85 - Protocol: ARP

Then it says: xyz IP address is @ 00:14:f1:eb:db:dd

Thank you.

asked 24 Nov '10, 09:47

valioop

edited 24 Nov '10, 10:00

Check out some of the free Wireshark training courses we offer over at chappellseminars.com. There are also some practice trace files and videos over at wiresharkbook.com.

(27 Nov '10, 14:34) lchappell ♦

One Answer:

2

This is an ARP Request and an ARP response, which basically means that the Dell PC is looking for the Ethernet MAC address of a Cisco Router, which probably is the default gateway. Even though the Dell PC is communicating from its own IP to the target IP (on OSI layer 3), the actual frame needs to be transported by Layer 2 (Ethernet in this case), and for that the Dell PC asks for the Ethernet MAC to be able to send the packet. It is sort of a "name resolution" between layer 2 and 3.

answered 24 Nov '10, 11:07

Jasper ♦♦

Gotcha! :)

(24 Nov '10, 11:54) valioop
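The exchange described in the answer, as an added example that is not part of the original thread: it builds the two frames, parses the ARP fields out of the raw bytes, and renders the same summary text the question quotes. The IP addresses and the first three bytes of the Dell MAC are constructed placeholders; only the Cisco MAC comes from the question.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed sample values (not from the thread, except GW_MAC).
PC_MAC, PC_IP = "02:00:00:f5:75:85", "192.0.2.10"
GW_MAC, GW_IP = "00:14:f1:eb:db:dd", "192.0.2.1"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, src_mac, src_ip, eth_dst, target_mac, target_ip):
    """Ethernet II header followed by a 28-byte IPv4-over-Ethernet ARP packet."""
    eth = mac_bytes(eth_dst) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # htype, ptype, hlen, plen, opcode
    arp += mac_bytes(src_mac) + socket.inet_aton(src_ip)
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp

def parse_arp(frame):
    """Return the ARP fields as a dict, or None if this is not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    fields = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if fields[:4] != (1, 0x0800, 6, 4):
        return None
    op, sha, spa, tha, tpa = fields[4:]
    return {"eth_dst": mac_str(dst), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}

def info(arp):
    """Summary line in the wording quoted in the question."""
    if arp["op"] == 1:   # request: layer 3 address known, layer 2 address wanted
        return f"Who has {arp['target_ip']}? Tell {arp['sender_ip']}"
    if arp["op"] == 2:   # reply: the sender fields carry the answer
        return f"{arp['sender_ip']} is at {arp['sender_mac']}"
    return f"ARP opcode {arp['op']}"

# The request goes to the broadcast address with an empty target MAC;
# the reply is unicast straight back to the PC that asked.
REQUEST = build_arp(1, PC_MAC, PC_IP, BROADCAST, "00:00:00:00:00:00", GW_IP)
REPLY = build_arp(2, GW_MAC, GW_IP, PC_MAC, PC_MAC, PC_IP)
if __name__ == "__main__":
    for frame in (REQUEST, REPLY):
        print(info(parse_arp(frame)))
```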