mailing list archives
Re: How to correlate MAC and IP addresses
From: Andreas <AndreasSander1 () gmx net>
Date: Sat, 31 Aug 2013 08:57:11 +0200
Am 30.08.2013 07:21, schrieb Martin Visser:
Wireshark can't really do that, because like beauty, matching MAC to IP is
in the eye of the beholder ;-)
As a simple example you might have two routers running VRRP or HSRP to
provide next hop gateway redundancy, as well is ICMP redirect for good
measure. In this case traffic for one IP address could have multiple MAC
addresses, depending on whether you look at source or destination. All the
relationships are valid, and can change over the time of the length of the
capture. (Even an ARP response is only a point in time in match, and can
"wrong" at any time afterwards).
MAC addresses for hosts behind routers are not interesting since you can
only get the routers MAC address. But it would be helpful to get a table
of MAC/IP addresses for IP addresses in the "local" network.
It would have to be defined what "local" means. Since the PC running
Wireshark doesn't have to have an IP address in the monitored network
segment. So this "local network" had to be configurable.
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
mailto:wireshark-users-request () wireshark org?subject=unsubscribe