Wireshark mailing list archives
Re: How to correlate MAC and IP addresses
From: Andreas <AndreasSander1 () gmx net>
Date: Sat, 31 Aug 2013 08:57:11 +0200
Am 30.08.2013 07:21, schrieb Martin Visser:
Wireshark can't really do that, because like beauty, matching MAC to IP is in the eye of the beholder ;-) As a simple example you might have two routers running VRRP or HSRP to provide next hop gateway redundancy, as well is ICMP redirect for good measure. In this case traffic for one IP address could have multiple MAC addresses, depending on whether you look at source or destination. All the relationships are valid, and can change over the time of the length of the capture. (Even an ARP response is only a point in time in match, and can "wrong" at any time afterwards).
MAC addresses for hosts behind routers are not interesting since you can only get the routers MAC address. But it would be helpful to get a table of MAC/IP addresses for IP addresses in the "local" network.
It would have to be defined what "local" means. Since the PC running Wireshark doesn't have to have an IP address in the monitored network segment. So this "local network" had to be configurable.
A/ ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- How to correlate MAC and IP addresses Hector Akamine (Aug 29)
- Re: How to correlate MAC and IP addresses Martin Visser (Aug 29)
- Re: How to correlate MAC and IP addresses Andreas (Aug 31)
- Re: How to correlate MAC and IP addresses Martin Visser (Aug 29)