Wireshark mailing list archives

Re: newbie MAC->IP question

From: Martin Visser <martinvisser99 () gmail com>
Date: Sun, 20 Jun 2010 00:50:31 +1000

Janos,

It sounds like you might need to spend some time thinking about what
networking is meant to achieve. It is simply facilitate the connection
between hosts. Routers and switches should be "out of the way" as much as
possible.

Certainly modern switches are really just what we used to call transparent
bridges. The only time you should "see" them is things like management
protocols (like spanning tree protocol) or knowing that they filter traffic
to just the ports it needs to go (unicast traffic in general moves between
the interfaces the source and destination are on).

Routers also show themselves through management protocols (such as OSPF or
VRRP and the like ( and you might occasionally see ICMP packets to inform
hosts to change their behaviour). However they do reveal themselves quite
clearly as their physical interface address (MAC) becomes the source and
destination of traffic passing through it. The network layer (IP) won't
change from the original source and destination host (unless the router is
NATting).

I suggest reading up some basic IP networking tutorials and you will
understand why the network exhibits the behaviour you see.

Regards, Martin

MartinVisser99 () gmail com


On Sat, Jun 19, 2010 at 12:22 AM, János Löbb <janos.lobb () yale edu> wrote:

Hi,

Looking the Ethernet traffic I see the routers and switches with their
ethernet/MAC address.  However they do not show up in the IP traffic.  When
I look the Ethernet frame, I again see the MAC address, but I do not see its
IP address.Can Wireshark - or any other program on a Mac - translate a MAC
address into an IP ?

I looked at man arp, but I do not see it there either and arp -a do not
show the router.

The switches MAC address are in this form:  Cisco_ab:cd:ef  and the routers
name are like All-HSRP-routers_6a.

Thanks ahead,

János
P.S.  How can I capture only routers and Switch traffic and ignore all the
workstations and vice versa  ?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

newbie MAC->IP question János Löbb (Jun 18)
- Re: newbie MAC->IP question Martin Visser (Jun 19)
- Re: newbie MAC->IP question Guy Harris (Jun 19)
  - Re: newbie MAC->IP question Thierry Emmanuel (Jun 21)