On Jul 3, 2007, at 1:07 PM, ceo@xxxxxxxxxxxxx wrote:
When I try to trace Ethereal tcp packets containing HTTP protocol, I
see that the addressing (in the first column), do not follow the
addressing of the whole packet but its specific to the HTTP data.
This is a Wireshark (the new name for Ethereal, as of a little over a
year ago) issue, not a WinPcap issue; I'm redirecting it to the
wireshark-users mailing list, which is the list where questions about
Wireshark should be asked. Further discussion should take place on
that list. See
http://www.wireshark.org/lists/
for information on Wireshark mailing lists.
What do you mean by "follow the addressing of the whole packet" and
"specific to the HTTP data"?
The first column is probably the frame number, and the second column
is usually the packet time stamp. Do you mean the third column? If
so, that's usually the source IP address, which would be the IP
address that sent the packet; IP has no idea whether it's sending HTTP
or not. An IP datagram has an IP address; there is no notion that
part of one IP datagram has one IP address and another part has
another address, so the only addressing is "the addressing of the
whole packet" - there's no addressing specific to the HTTP data.
