Re: How to know which MAC address is the true client that connect to the wireless network?

[Forthofer Russ <Russ.Forthofer () ssfhs org>]

What type of router?  I suspect you are switching the internal network, and routing between the internal and external 
networks.    Are the two devices on the same subnet?


Are you seeing ALL wired traffic on the wireless network or only broadcasts, multicasts, etc.    If the wired  and 
wireless devices are on the same subnet, one would expect broadcasts (e.g., ARP traffic) to be seen on both the wired 
and wireless portions of the network.   Whether you see all traffic on both wired and wireless or just broadcast 
traffic depends on whether the device is acting as a switch or a hub.



________________________________
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Chin Shi 
Hong
Sent: Tuesday, November 16, 2010 7:40 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] How to know which MAC address is the true client that connect to the wireless network?



On Mon, Nov 15, 2010 at 9:01 PM, Yorian Wiltjer <zentinel17 () gmail com<mailto:zentinel17 () gmail com>> wrote:
Chin,

A normal wireless access point bridges 802.3 (wired) to 802.11 (wireless).
Thanks to this bridge wireshark see both wiresless clients and wired
clients via the WAP.
I can think off two ways to get rid off the MAC's from wired cards.

One unplug the WAP  from your wired network.

OR

Use a router.
With a router all your wired MAC will be hidden behind the MAC off the router.
Just a simple router would do.

Hope its helps,
Yorian


2010/11/14 Chin Shi Hong <cshong87 () gmail com<mailto:cshong87 () gmail com>>:
> On Sun, Nov 14, 2010 at 3:24 AM, Stephen Fisher <steve () stephen-fisher com<mailto:steve () stephen-fisher com>>
> wrote:
> > On Sat, Nov 13, 2010 at 10:24:05PM +0800, Chin Shi Hong wrote:
> >
> > > are the real wireless client that connect to the wireless network
> > > AA:BB:CC:DD:EE:FF, or it may be only one of them are the real wireless
> > > client connect to the wireless network AA:BB:CC:DD:EE:FF. How can I
> > > know which one is the real wireless client connected to wireless
> > > network AA:BB:CC:DD:EE:FF?
> >
> > I don't understand your question; why would any of the addresses not be
> > real ones?
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>>
> > Archives:    http://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >
> > mailto:wireshark-users-request () wireshark org<mailto:wireshark-users-request () wireshark org>?subject=unsubscribe
>
> My "real wireless client" mean the computer connected to the network using
> wireless, not through other method.
>
> This is because I had done some testings. I tested with 2 computers. First
> computer connected to my wireless router by using wireless network adapter,
> while the second computer connected to my wireless router using wired
> connection. I had noticed that the MAC Address of the wired network adapter
> in second computer (the one using wired) are recorded as well, either as
> source address or destination address.
>
> This make me very hard to program my application to detect which MAC address
> is the MAC address of the wireless network adapter, not the wired network
> adapter.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org<mailto:wireshark-users-request () wireshark 
> org>?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org<mailto:wireshark-users () wireshark org>>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org<mailto:wireshark-users-request () wireshark 
org>?subject=unsubscribe

I am using router, and wireshark still see the MAC address of wired computer.


The information contained in this e-mail and any accompanying documents is intended for the sole use of the recipient 
to whom it is addressed, and may contain information that is privileged, confidential, and prohibited from disclosure 
under applicable law. If you are not the intended recipient, or authorized to receive this on behalf of the recipient, 
you are hereby notified that any review, use, disclosure, copying, or distribution is prohibited. If you are not the 
intended recipient(s), please contact the sender by e-mail and destroy all copies of the original message. Thank you.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe