Wireshark · Ethereal-users: [Ethereal-users] Re: Display

Ethereal-users: [Ethereal-users] Re: Display - packet details question..

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>

Date: Wed, 30 Mar 2005 05:10:26 -0400

On Tue, 29 Mar 2005 10:12:27 -0500, Scott Lowrey <slowrey@xxxxxxxxxxx> wrote:
>         Jemiolo, John wrote:  
>      
...
> 2.      A few "ARP request" in packet  details, display an IP in  ()  after
> the source: Mac address, "Example:  Source: 00:0e:7f:xx:xx:xx ( #.#.#.#
> )".   Am I correct in assuming this  was MAC - IP translation was done by
> ethereal performing a sucessful   ARP?  and this data is recorded in the
> capture file?   
>   I don't know the answer for sure, but  I'm guessing that Ethereal is
> either reading the ARP cache on the local  machine or it is maintaing its
> own ARP table?

Ethereal builds an internal ARP table based on the ARP traffic it sees
in the capture.
So this means that this MAC address was seen and resolved by an ARP
packet in the capture itself.

References:
- [Ethereal-users] Display - packet details question..
  - From: Jemiolo, John
- Re: [Ethereal-users] Display - packet details question..
  - From: Scott Lowrey

Prev by Date: RE: [Ethereal-users] Display - packet details question..
Next by Date: RE: [Ethereal-users] RTP & UDP
Previous by thread: Re: [Ethereal-users] Display - packet details question..
Next by thread: RE: [Ethereal-users] Display - packet details question..
Index(es):
- Date
- Thread