I should have included more detail in my post.
The connection between boths PCs would be via internet, not on a LAN.
We are dealing with an "issue" at my work wherein information is being sent out from any one of many computer stations by an unknown employee.
I can monitor traffic using wireshark on the receiving computer via internet but need to find something in the data that will tell me which station sent the info. If I was behind the company gateway (which I cant do at this time), I could simply use the Mac address however when the data hits the internet, I end up with the ISP router MAC instead. I will have an opportunity to physically inspect all work stations later and Im looking for something in the data capture that will tell me when I find the right box.
All PCs are using the same OS (WinXP) and are software similiar but not identical.
Thanks
D
Pedro Tumusok
<pedro.tumusok@xxxxxxxxx> wrote:
On Nov 24, 2007 9:59 PM, Bilal Alpertonga wrote:
> Hello,
>
> I want to ask a question,
> Why we can take MAC address of the router, not address of the PC,
>
> Which protocol makes this MAC change ?
>
> Regards,
> ega
>
Most likely because MAC addresses are only used in a brodcast domain,
ie it does not travers routers, because the router is an intermediate
that needs to recevie the traffic before "forwarding" it out on the
right interface.
And there is nothing that says all points between 2 PC's on 2
diffirent places on the internet uses Ethernet all the way to
communicate.
Or are you talking about your local lan?
--
Best regards / Mvh
Jan Pedro Tumusok
If I knew being here
with you today,
Would mean being alone tomorrow.
I would gladly trade all of my tomorrows away
For a moment with you.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
Get easy, one-click access to your favorites.
Make Yahoo! your homepage.
