Can somebody help me out in understanding the statistics for the conversation for Ethernet in Wireshark. I have a Cisco_2d:fa:22 as Address A and Cisco_4d:f3:11 as Address B. So it looks like it is the ID for the Cisco device. I see their MAC addresses in the Ethernet section in Wireshark. But in the IP section, the source and destination IP addresses keep changing from one packet to another. I'm not sure I understand that. Thanks asked 26 Feb '14, 20:18  character9 |
One Answer:
The two Cisco addresses are their MAC addresses; Wireshark just replaces the first three bytes (the vendor specific ones) with the vendor name. The names are taken from the "manuf" file found in the Wireshark installation directory. Regarding the IP addresses: both devices are probably routers, which means that they forward IP packets for other systems. The IPs that you observe are the end node IP addresses, and it is quite typical that you see a lot of different IP addresses. You should probably read up a bit about how routing works ;-) answered 27 Feb '14, 00:43  Jasper ♦♦ |
