Wireshark mailing list archives
Re: Help on data from wiresharck
From: Graham Bloice <graham.bloice () trihedral com>
Date: Wed, 4 Oct 2017 12:23:37 +0100
On 4 October 2017 at 12:07, Antonio Bernabei <abernabei () otticabernabei com> wrote:
But why there is HuaweiTe Is it a phone trying to connect to our lan? Maybe by wifi?
The element "HuaweiTe_21:8d:a5" indicates a device with a MAC address corresponding to one issued by HuaweiTe and probably using IP address 192.168.1.111 was sending the request. A MAC address contains info about the device vendor and a unique per-device value. See the Wiki page on Ethernet addresses for for info: https://wiki.wireshark.org/Ethernet. Wireshark helpfully translates the vendor prefix (for known values) of a MAC address hence the "HuaweiTe_" part. The "raw" value is shown in parentheses in the packet list. The translation is controlled by the preference setting Name Resolution -> Resolve MAC addresses. To check for possible ARP spoofing you would need to confirm the MAC address of your gateway, hopefully visible in the UI of the device, and compare it with the "raw" value displayed in Wireshark. -- Graham Bloice
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Help on data from wiresharck Antonio Bernabei (Oct 03)
- Re: Help on data from wiresharck Graham Bloice (Oct 04)
- Re: Help on data from wiresharck sunil singh (Oct 04)
- Re: Help on data from wiresharck Antonio Bernabei (Oct 04)
- Re: Help on data from wiresharck Graham Bloice (Oct 04)
- Re: Help on data from wiresharck Guy Harris (Oct 04)
- Re: Help on data from wiresharck Anne Blankert (Oct 05)
- Re: Help on data from wiresharck Antonio Bernabei (Oct 04)