Hi I am trying to do packet analysis of my network. I have directly connected my computer with my home router. At the wireshark capture, the first 6 packets are sent through the NBNS protocol (source IP: 192.168.1.255 and destination IP: 192.168.1.255) whereas the 7th packet is sent through the IGMP protocol (source IP: 192.168.1.1 and destination IP: 224.0.0.12). Is this normal? then I open the internet explorer to connect with wwww.microsoft.com and it does the TCP handshake with 6 different IP addresses. Is this normal? some of these TCP handshakes connect with msn and microsoft IP but some other connect to some IP like bnetfile or autonomy or hpvmm control kwdb-commn (according to the Info Tab of the of the packet list pane) thanks in advance asked 13 Feb '11, 09:03 Stefi |
One Answer:
The first time I looked at the network traffic being sent by my PC, I was pretty amazed at all the stuff that goes on "under the covers" and the number of sites contacted by my browser. :) What you describe doesn't particularly sound strange, although I can't speak to the destinations being contacted by IE. Delving into the network traffic in & out of your PC can be a great learning experience, but it can also be a bit overwhelming since there's a lot of different protocols which normally get used: E.G., Everything from HTTP (hyper text transfer protocol) to DNS (domain name system) to NTP (network time protocol) to NBNS (netbios naming service) to IGMP (internet group management protocol) to .... Welcome to the world of networking ! Is there a particular issue that you want to address by doing the packet analysis ? answered 14 Feb '11, 23:10 Bill Meier ♦♦ |