This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Ethernet(802.3) traffic from unknown ip?

0

Hi all, I'm brand new to the world of Packet Capturing, well...I should say networking in general, so I apologize if my question comes accross as me looking for a spoonfed answer...

I've been pentesting(still learning) my windows machine lately, and sometimes I leave my AP open, and where I live it doesn't take long before someone connects and I start getting traffic from that mac. Recently a new mac address has popped up and is now generating traffic from what appears to be an ethernet connection! This cant be possible because I have the only physical access to my router. During this capture I however was not connected to the wired interface, but to my wifi, which started to worry me. I've read some posts here and saw that it could be an error in my configuration.

this is the frame summary

5820    664.995713000   Netgear_xx xx xx    GemtekTe_xx xx xx   LLC 1432    I, N(R)=16, N(S)=0; DSAP NULL LSAP Individual, SSAP ISO Network Layer (OSLAN 2) Command    IEEE 802.3 Ethernet

I want to know why this is showing up as a wired connection, and if possible, interperet the data being sent back and forth. I am the admin of this router, so I should have all the sources to do this, I just dont know how. Can anyone point me in the right direction? Thanks in advance!

asked 13 Dec '14, 21:55

Bonkers's gravatar image

Bonkers
1112
accept rate: 0%

edited 14 Dec '14, 03:16

grahamb's gravatar image

grahamb ♦
19.8k330206