This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Source/Destination for UDP packets reversed in 1.8.2 Windows 32


I've been using Ethereal/Wireshark for many years. Today I've been using Wireshark 1.8.2 to look at UDP packets between an embedded device I am developing and a PC. Everything works OK, except the Source and Destination IP addresses seem to be swapped on the display. Actually, the TCP source/destination seem swapped as well. When looking at the Ethernet II header display, the source and destination are swapped there as well.

Win XP 32bit.

The ICMP (ping) display looks fine.

Thank you

asked 21 Sep '12, 08:03


KeithHam

edited 21 Sep '12, 08:52


One Answer:


When you say that the IP addresses, the TCP source/destination, and the Ethernet addresses are ALL swapped, it sounds like they all match the appropriate device. So, when Wireshark says that a particular packet is FROM the PC and TO the embedded device, what makes you think that it's really the other way around? Is it possible that you've accidentally dragged either the source or destination columns so that the destination column is before the source column?

answered 21 Sep '12, 09:27


Jim Aragon

I share your concern. I have a massive headache today, so I am wondering about my fitness for any useful thought. That said, and considering Wireshark has been working flawlessly for me for over 10 years, operator error is a valid consideration.

I know what data is supposed to be flowing from one device to the other. The PC requests data (small packets), the ColdFire sends big packets of UDP data back. And that is exactly what I am seeing now (i.e., I screwed up, and I apologize).

So please close this issue; this is (as I suspected) my fault, and I apologize for any wasted time. And thanks for the reply.

(21 Sep '12, 09:58) KeithHam