This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What exactly is happening?

0

hi, first things first; i am a noob so i will be asking noobish questions

i just captured a session for my LAN and was reading some intriguing traffic,

apparently my ip address is sending check sums (i believe they are check sums due to the the pattern and byte-size,via UDP to a IP address in germany,

from the logs now i googled the MAC address and got that LiteOne Tech, apparently they manufacture routers and such, now i have a wireless netgear router and it appears the source is this LiteOne router and the destination is the netgear router, can someone explain or expound further on what exactly this traffic means?

asked 14 Sep '11, 00:42

slacker's gravatar image

slacker
1111
accept rate: 0%

Given the nonexistent details you provide, there is nothing someone here can do to even guess what is happening - maybe you could provide some details or screenshots of your tracefile (anonymized of course)?

(14 Sep '11, 01:39) Landi

One Answer:

1

The MAC addresses signify the local point-to-point link used to transport the packets. So here you'll see the MAC address of your computer (the LiteOne Tech) and the networking equipment connected to it (The NETGEAR).

On top of that rides IP, among other (network) protocols.

On top of that rides UDP, among other (transport) protocols.

On top of that are your 'checksums'.

So to gain further insight in your traffic, study IP and UDP as well. The TCP//IP guide is a good starting point.

answered 14 Sep '11, 04:22

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%