This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can somebody help me out in understanding the statistics for the conversation for Ethernet in Wireshark. I have a Cisco_2d:fa:22 as Address A and Cisco_4d:f3:11 as Address B. So it looks like it is the ID for the Cisco device. I see their MAC addresses in the Ethernet section in Wireshark. But in the IP section, the source and destination IP addresses keep changing from one packet to another. I'm not sure I understand that. Thanks

asked 26 Feb '14, 20:18

character9's gravatar image

character9
16101012
accept rate: 0%


The two Cisco addresses are their MAC addresses; Wireshark just replaces the first three bytes (the vendor specific ones) with the vendor name. The names are taken from the "manuf" file found in the Wireshark installation directory.

Regarding the IP addresses: both devices are probably routers, which means that they forward IP packets for other systems. The IPs that you observe are the end node IP addresses, and it is quite typical that you see a lot of different IP addresses. You should probably read up a bit about how routing works ;-)

permanent link

answered 27 Feb '14, 00:43

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×86
×34

question asked: 26 Feb '14, 20:18

question was seen: 2,384 times

last updated: 27 Feb '14, 00:43

p​o​w​e​r​e​d by O​S​Q​A