leblanc

asked on

Wireshark conversation statistics

Can the experts help me out in understanding the statistics for the conversation for Ethernet in Wireshark? I have a Cisco_2d:fa:22 as Address A and Cisco_4d:f3:11 as Address B. So it looks like it is the ID for the Cisco device. I see their MAC addresses in the Ethernet section in Wireshark. But in the IP section, the source and destination IP addresses keep changing from one packet to another.
I'm not sure I understand that. Thanks.
ASKER CERTIFIED SOLUTION
Netman66
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
leblanc

ASKER

I am not sure I understand. So how do I find out the IP addresses of those IP addresses?
SOLUTION

ASKER

I am just trying to understand the Ethernet conversation statistics. When I look at the IPv4 conversation, I can see that there is a conversation between two layer-3 end-points. So I thought that for the Ethernet conversation, you also have a conversation between 2 end points at layer 2. But what confuses me is I have the MAC address of the 2 end-points. But layer 3 keeps changing.
Sorry, I am fairly new to Wireshark.
SOLUTION
Have you tried right-clicking on one of the conversations and choosing Follow TCP Stream ?
SOLUTION
ASKER

"choosing Follow TCP Stream" is my next step. I did it earlier but I only see garbage.
It's probably because whatever stream you are following does not contain text, that is, human-readable data.

Example: If you follow an SSH or SSL (like HTTPS) session, the data is encrypted. If you follow an HTTP session and the server compresses the responses, Wireshark does not decompress the stream when you follow it.
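An added example, not part of the original thread: a small Python triage of a reassembled stream payload that distinguishes the cases named above (SSH, SSL/TLS, gzip-compressed HTTP) and decompresses the HTTP body when it can. The function name and sample payloads are constructed for illustration, and it assumes a non-chunked HTTP response.

```python
import gzip
import zlib

def explain_stream(data: bytes) -> str:
    """Say why a followed TCP stream looks like garbage; decode it if possible."""
    # SSH: plaintext version banner, then encrypted binary packets.
    if data.startswith(b"SSH-"):
        return "ssh: encrypted after the version banner"
    # TLS record header: content type 0x14-0x17, then major version 0x03.
    if len(data) >= 3 and 0x14 <= data[0] <= 0x17 and data[1] == 0x03:
        return "tls: encrypted records"
    if data.startswith(b"HTTP/"):
        # Headers end at the first blank line; everything after is the body.
        head, _, body = data.partition(b"\r\n\r\n")
        headers = {}
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip().lower()
        if headers.get(b"content-encoding") == b"gzip":
            try:
                text = gzip.decompress(body).decode("utf-8", "replace")
            except (OSError, EOFError, zlib.error):
                # Capture ended mid-response or packets were lost.
                return "http: gzip body truncated or corrupt"
            return "http gzip body: " + text
        return "http: body not compressed"
    return "unknown: binary or unrecognised protocol"

# Constructed sample payloads (not taken from a real capture).
BODY = gzip.compress(b"<html>hello</html>")
HTTP_GZIP = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             b"Content-Encoding: gzip\r\n"
             b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)
TLS = bytes.fromhex("160303002a") + bytes(42)
SSH = b"SSH-2.0-OpenSSH_9.0\r\n" + bytes(range(16))

if __name__ == "__main__":
    for name, payload in (("http", HTTP_GZIP), ("tls", TLS), ("ssh", SSH)):
        print(name, "->", explain_stream(payload))
```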
SOLUTION
SOLUTION