Wireshark mailing list archives

Re: Help on data from wiresharck


From: Graham Bloice <graham.bloice () trihedral com>
Date: Wed, 4 Oct 2017 12:23:37 +0100

On 4 October 2017 at 12:07, Antonio Bernabei <abernabei () otticabernabei com>
wrote:

> But why there is
>
> HuaweiTe
>
> Is it a phone trying to connect to our lan? Maybe by wifi?



The element "HuaweiTe_21:8d:a5" indicates a device with a MAC address
corresponding to one issued by HuaweiTe and probably using IP address
192.168.1.111 was sending the request.

A MAC address contains info about the device vendor and a unique per-device
value.  See the Wiki page on Ethernet addresses for info:
https://wiki.wireshark.org/Ethernet.

Wireshark helpfully translates the vendor prefix (for known values) of a
MAC address hence the "HuaweiTe_" part.  The "raw" value is shown in
parentheses in the packet list.  The translation is controlled by the
preference setting Name Resolution -> Resolve MAC addresses.

To check for possible ARP spoofing you would need to confirm the MAC
address of your gateway, hopefully visible in the UI of the device, and
compare it with the "raw" value displayed in Wireshark.

-- 
Graham Bloice
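
The following is an added example, not part of the original message or of Wireshark: a Python sketch of the two points made above, splitting a MAC address into its vendor prefix and per-device part, and comparing the gateway's known MAC with the sender MACs seen in ARP replies. The gateway IP 192.168.1.1, all MAC addresses and the function names are constructed for illustration.

```python
import re

def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex; accepts ':', '-' or '.' separators."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def split_mac(mac):
    """Split a MAC into the vendor prefix (first 3 octets) and the per-device value."""
    m = normalize_mac(mac)
    first_octet = int(m[:2], 16)
    return {
        "oui": m[:8],          # the part Wireshark replaces with a vendor name
        "device": m[9:],       # the part shown after the underscore
        # Bit 0x02 set: address was assigned locally, not by a vendor,
        # so a vendor name derived from the prefix would be meaningless.
        "locally_administered": bool(first_octet & 0x02),
        "multicast": bool(first_octet & 0x01),
    }

def unexpected_gateway_macs(gateway_ip, expected_mac, arp_replies):
    """Return sender MACs that claim gateway_ip but differ from the expected MAC."""
    expected = normalize_mac(expected_mac)
    seen = {normalize_mac(mac) for ip, mac in arp_replies if ip == gateway_ip}
    return sorted(seen - {expected})

# Constructed sample: (sender IP, sender MAC) pairs as they could be exported
# from a capture (Wireshark fields arp.src.proto_ipv4 and arp.src.hw_mac).
ARP_REPLIES = [
    ("192.168.1.1", "02:00:5E:10:00:01"),    # matches the MAC read from the router UI
    ("192.168.1.111", "02-00-5e-aa-bb-cc"),  # some other host, ignored by the check
    ("192.168.1.1", "0200.5e99.9999"),       # second MAC claiming the gateway IP
]

if __name__ == "__main__":
    print(split_mac("02:00:5e:10:00:01"))
    odd = unexpected_gateway_macs("192.168.1.1", "02-00-5E-10-00-01", ARP_REPLIES)
    print("MACs claiming the gateway IP that do not match:", odd or "none")
```

Any address the check returns is a second device answering for the gateway's IP, which is the condition to investigate.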