leblanc
asked on
Wireshark conversation statistics
Can the experts help me out in understanding the statistics for the conversation for Ethernet in Wireshark? I have a Cisco_2d:fa:22 as Address A and Cisco_4d:f3:11 as Address B. So it looks like it is the ID for the Cisco device. I see their MAC addresses in the Ethernet section in Wireshark. But in the IP section, the source and destination IP addresses keep changing from one packet to another.
I'm not sure I understand that. Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am just trying to understand the Ethernet conversation statistics. When I look at the IPv4 conversation, I can see that there is a conversation between two layer-3 end-points. So I thought that for the Ethernet conversation, you also have a conversation between 2 end points at layer 2. But what confuses me is I have the MAC address of the 2 end-points. But layer 3 keeps changing.
Sorry, I am fairly new to Wireshark.
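An added example, not part of the original thread: a conversation table groups frames by the unordered address pair at one layer, so the same frames can form one Ethernet conversation and several IPv4 conversations. The sketch assumes the two MAC addresses belong to devices that forward traffic for many hosts; all MAC and IP values are constructed, and frames are untagged Ethernet II carrying IPv4.

```python
import struct
from collections import Counter

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def build_frame(src_mac, dst_mac, src_ip, dst_ip, payload_len=20):
    """Constructed sample frame: Ethernet II + minimal IPv4 header (checksum left 0)."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                      bytes(map(int, src_ip.split("."))),
                      bytes(map(int, dst_ip.split("."))))
    return eth + iph + bytes(payload_len)

def conversations(frames):
    """Count frames per unordered address pair at layer 2 and at layer 3."""
    eth, ipv4 = Counter(), Counter()
    for f in frames:
        dst, src = f[0:6], f[6:12]
        ethertype = struct.unpack("!H", f[12:14])[0]
        eth[frozenset((mac(src), mac(dst)))] += 1
        # IPv4 source/destination sit at fixed offsets 12 and 16 of the IP header.
        if ethertype == 0x0800 and len(f) >= 34:
            ipv4[frozenset((ip(f[26:30]), ip(f[30:34])))] += 1
    return eth, ipv4

# Constructed addresses (documentation ranges), standing in for the two devices.
A, B = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
SAMPLE = [
    build_frame(A, B, "192.0.2.10", "198.51.100.5"),
    build_frame(B, A, "198.51.100.5", "192.0.2.10"),
    build_frame(A, B, "192.0.2.11", "203.0.113.7"),
    build_frame(B, A, "203.0.113.7", "192.0.2.11"),
    build_frame(A, B, "192.0.2.10", "203.0.113.7"),
]

if __name__ == "__main__":
    eth, ipv4 = conversations(SAMPLE)
    for name, table in (("Ethernet", eth), ("IPv4", ipv4)):
        print(f"{name}: {len(table)} conversation(s)")
        for pair, n in table.items():
            print("  ", " <-> ".join(sorted(pair)), f"{n} frames")
```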
Have you tried right-clicking on one of the conversations and choosing Follow TCP Stream?
ASKER
"choosing Follow TCP Stream" is my next step. I did it earlier but I only see garbage.
It's probably because whatever stream you are following does not contain text, that is, human-readable data.
Example: If you follow an SSH or SSL (like HTTPS) session, the data is encrypted. If you follow an HTTP session and the server compresses the responses, Wireshark does not decompress the stream when you follow it.
ASKER