I have three machines that are part of the same network - computer A, which is running Wireshark, computer B, and printer C. I have a packet capture log showing computer B's MAC address flooding the network with unicast ARP requests to printer C's MAC address, asking about the owner of printer C's IP address and asking for a response to computer B's IP address. Printer C is disconnected from the network when this happens. How can Wireshark running on computer A be recording this, given that all of the ARP requests are unicast, not broadcast?

asked 06 Mar '17, 20:07 jdm
One Answer:
An ARP request is broadcast, not unicast. This is why it is ARP'ing in the first place... to find the MAC address with the destination IP address. Look at the destination MAC in the L2 Ethernet header; it will be FF:FF:FF:FF:FF:FF.

answered 06 Mar '17, 21:08 Rooster_50 edited 06 Mar '17, 21:11
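
The check the answer points to, the destination MAC in the Ethernet header, can be run over raw frames exported from a capture. This is an added example, not part of the original question or answer: it parses an Ethernet frame and reports whether an ARP packet was delivered to broadcast or to a unicast address. The function names, MAC addresses and IP addresses are constructed for illustration.

```python
import struct
BROADCAST = b"\xff" * 6

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def classify_arp(frame):
    """Parse one Ethernet frame; return ARP details, or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 14:
        return None
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == 0x8100 and len(frame) >= 18:   # skip a single 802.1Q VLAN tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != 0x0806 or len(frame) < off + 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[off:off + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[off + 8:off + 28])
    if dst == BROADCAST:
        delivery = "broadcast"
    elif dst[0] & 0x01:                            # group bit set in first octet
        delivery = "multicast"
    else:
        delivery = "unicast"
    return {
        "op": {1: "request", 2: "reply"}.get(oper, f"op{oper}"),
        "delivery": delivery,
        "eth_dst": fmt_mac(dst), "eth_src": fmt_mac(src),
        "sender_mac": fmt_mac(sha), "sender_ip": ".".join(map(str, spa)),
        "target_mac": fmt_mac(tha), "target_ip": ".".join(map(str, tpa)),
    }

def build_arp_request(eth_dst, sha, spa, tha, tpa):
    """Build a sample ARP request frame (constructed test data, not a capture)."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, sha, spa, tha, tpa)
    return eth_dst + sha + b"\x08\x06" + arp

# Constructed sample values: locally administered MACs, documentation-range IPs.
MAC_B, MAC_C = bytes.fromhex("02000000000b"), bytes.fromhex("02000000000c")
IP_B, IP_C = bytes([192, 0, 2, 11]), bytes([192, 0, 2, 12])
SAMPLES = [build_arp_request(BROADCAST, MAC_B, IP_B, b"\x00" * 6, IP_C),
           build_arp_request(MAC_C, MAC_B, IP_B, MAC_C, IP_C)]

if __name__ == "__main__":
    for r in map(classify_arp, SAMPLES):
        print(r["op"], r["delivery"], r["eth_src"], "->", r["eth_dst"], "who has", r["target_ip"])
```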