
Wireshark-users: Re: [Wireshark-users] How to know which MAC address is the true client that conn

From: Forthofer Russ <Russ.Forthofer@xxxxxxxxx>
Date: Tue, 16 Nov 2010 08:20:00 -0500
What type of router?  I suspect you are switching the internal network, and routing between the internal and external networks.    Are the two devices on the same subnet?
 
 
Are you seeing ALL wired traffic on the wireless network, or only broadcasts, multicasts, etc.? If the wired and wireless devices are on the same subnet, one would expect broadcasts (e.g., ARP traffic) to be seen on both the wired and wireless portions of the network. Whether you see all traffic on both wired and wireless or just broadcast traffic depends on whether the device is acting as a switch or a hub.
 
 
 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Chin Shi Hong
Sent: Tuesday, November 16, 2010 7:40 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] How to know which MAC address is the true client that connect to the wireless network?



On Mon, Nov 15, 2010 at 9:01 PM, Yorian Wiltjer <zentinel17@xxxxxxxxx> wrote:
Chin,

A normal wireless access point bridges 802.3 (wired) to 802.11 (wireless).
Thanks to this bridge, Wireshark sees both wireless clients and wired
clients via the WAP.
I can think of two ways to get rid of the MACs from wired cards.

One: unplug the WAP from your wired network.

OR

Use a router.
With a router, all your wired MACs will be hidden behind the MAC of the router.
Just a simple router would do.

Hope it helps,
Yorian


2010/11/14 Chin Shi Hong <cshong87@xxxxxxxxx>:
>
>
> On Sun, Nov 14, 2010 at 3:24 AM, Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
> wrote:
>>
>> On Sat, Nov 13, 2010 at 10:24:05PM +0800, Chin Shi Hong wrote:
>>
>> > are the real wireless clients that connect to the wireless network
>> > AA:BB:CC:DD:EE:FF, or it may be that only one of them is the real wireless
>> > client connected to the wireless network AA:BB:CC:DD:EE:FF. How can I
>> > know which one is the real wireless client connected to wireless
>> > network AA:BB:CC:DD:EE:FF?
>>
>> I don't understand your question; why would any of the addresses not be
>> real ones?
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> My "real wireless client" means the computer connected to the network using
> wireless, not through another method.
>
> This is because I had done some testing. I tested with 2 computers. The first
> computer was connected to my wireless router using a wireless network adapter,
> while the second computer was connected to my wireless router using a wired
> connection. I noticed that the MAC address of the wired network adapter
> in the second computer (the one using wired) is recorded as well, either as
> source address or destination address.
>
> This makes it very hard for me to program my application to detect which MAC address
> is the MAC address of the wireless network adapter, not the wired network
> adapter.
>

I am using a router, and Wireshark still sees the MAC address of the wired computer.

