Re: How to correlate MAC and IP addresses

[Martin Visser <martinvisser99 () gmail com>]

Wireshark can't really do that, because like beauty, matching MAC to IP is
in the eye of the beholder ;-)

As a simple example you might have two routers running VRRP or HSRP to
provide next hop gateway redundancy, as well is ICMP redirect for good
measure. In this case traffic for one IP address could have multiple MAC
addresses, depending on whether you look at source or destination. All the
relationships are valid, and can change over the time of the length of the
capture. (Even an ARP response is only a point in time in match, and can
"wrong" at any time afterwards).



Regards, Martin

MartinVisser99 () gmail com


On 30 August 2013 08:55, Hector Akamine <akamine () gmail com> wrote:

> Hi,
> Is there any way to correlate the IP addresses and MAC addresses that
> appear in a capture file (ie., to produce a table showing the MAC address
> that corresponds to each IP that appears in the capture file)?
> Going to Statistics > Endpoint I can only get the list of MAC addresses or
> the list of IP addresses separately.
>
>
> Thanks
> Hector
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe