I have a Win 7 PC with Wireshark installed. I captured the traffic from my network card interface. How can I tell whether it is inbound or outbound traffic from the captured file? Thank you

asked 30 Apr '14, 15:31 log
edited 01 May '14, 01:55 grahamb ♦

2 Answers:
If the packets are coming from the IP your Windows 7 PC had during capture they are outgoing. If they're sent to the IP of the PC they're incoming. You can also do this based on the Ethernet MAC address of the PC's network card (which you can find out by entering "ipconfig /all" on a command prompt).

answered 30 Apr '14, 16:56 Jasper ♦♦

Hopefully, since you're here, you know your IP and MAC address, but if not, use the command prompt with the command "ipconfig /all", or view Control Panel > Network and Internet > Networking Sharing Center > View Network Status and Tasks. Then under active networks click the connections link and select details. Your capture shows source and destination columns containing addresses. If your IP is in the source column, the traffic is outgoing; if your IP is in the destination column, then the traffic is incoming. If the traffic shows 255.255.255.255 in the destination, it is broadcast traffic on your subnet and can be incoming if the source is another IP address. There are also multicast addresses that start with 224.x.x.x that can also be incoming if from another IP.

answered 30 Apr '14, 19:55 cptamericajd

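The rule from the answers above, as an added example that is not part of the original thread: a Python sketch that labels each source/destination pair relative to the capturing PC. The local address 192.168.1.10/24 and the sample rows are constructed; the code goes slightly beyond the answers by treating the whole 224.0.0.0/4 range as multicast, recognising the subnet broadcast address, and flagging packets that involve neither the PC nor a group address.

```python
import ipaddress
from collections import Counter

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def classify(src, dst, local_ip, prefix_len):
    """Label one packet's direction relative to the capturing host."""
    local = ipaddress.ip_address(local_ip)
    # strict=False lets us build the subnet from a host address
    net = ipaddress.ip_network(f"{local_ip}/{prefix_len}", strict=False)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s == local:
        return "outgoing"            # includes broadcasts we sent ourselves
    if d == local:
        return "incoming"
    if d == LIMITED_BROADCAST or d == net.broadcast_address:
        return "incoming-broadcast"  # from another host on the subnet
    if d.is_multicast:
        return "incoming-multicast"  # 224.0.0.0/4 for IPv4
    # Neither endpoint is this PC: typical of promiscuous or mirror-port captures
    return "not-ours"

def summarize(rows, local_ip, prefix_len):
    """Count packets per direction for (src, dst) rows exported from a capture."""
    return Counter(classify(s, d, local_ip, prefix_len) for s, d in rows)

# Constructed sample rows (source, destination), not taken from a real capture
SAMPLE = [
    ("192.168.1.10", "8.8.8.8"),
    ("8.8.8.8", "192.168.1.10"),
    ("192.168.1.1", "255.255.255.255"),
    ("192.168.1.20", "192.168.1.255"),
    ("192.168.1.20", "224.0.0.251"),
    ("192.168.1.10", "255.255.255.255"),
    ("192.168.1.20", "192.168.1.30"),
]

if __name__ == "__main__":
    for src, dst in SAMPLE:
        print(f"{src:>15} -> {dst:<15} {classify(src, dst, '192.168.1.10', 24)}")
    print(dict(summarize(SAMPLE, "192.168.1.10", 24)))
```
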
Thank you Jasper and Cptamericajd. Your answer is very helpful. I am clear now. Thank you again.