Wireshark mailing list archives
Re: local IPs from pcap file
From: Sake Blok <sake () euronet nl>
Date: Wed, 26 May 2010 09:53:50 +0200
On 26 mei 2010, at 08:06, Andrej van der Zee wrote:
I was wondering if there is any way to deduct the local IPs from TCP/IP packets in pcap files? IP packets contain src and dst fields, but as far as I can see it is impossible to know which IP is bound to the host where the pcap file is generated.
If the host that was capturing has: 1) TCP checksum offloading *and* 2) Was sending TCP packets during the capture Then all outgoing packets from that host will have a bad TCP checksum (because the packets were captured before the NIC could change the checksum value to the proper value). Cheers, Sake ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- local IPs from pcap file Andrej van der Zee (May 25)
- Re: local IPs from pcap file Sake Blok (May 26)
- Re: local IPs from pcap file Andrej van der Zee (May 26)
- Re: local IPs from pcap file Sake Blok (May 26)
- Re: local IPs from pcap file Andrej van der Zee (May 26)
- Re: local IPs from pcap file Chris Maynard (May 28)
- Re: local IPs from pcap file Andrej van der Zee (May 30)
- Re: local IPs from pcap file Sake Blok (May 26)