Wireshark mailing list archives
Re: ICMP packets with two pairs of source and destination ip addresses?
From: nangergong <nangergong () gmail com>
Date: Wed, 6 Jun 2012 14:33:23 +0200
if a packet is with a src ip A and a dst ip B while with a src ip B and a dst ip A, what is the real direction? from A to B or from B to A? I get confused. On Wed, Jun 6, 2012 at 12:25 PM, ronnie sahlberg <ronniesahlberg () gmail com>wrote:
the ip layer appears twice in those packets. First as IP layer sitting above ETHernet layer Second as IP layer sitting above ICMP layer Same thing happens when you tunnel ip over ip On Wed, Jun 6, 2012 at 8:20 PM, nangergong <nangergong () gmail com> wrote:HI, all, I used tshark to parse a pcap file with icmp packets, tshark -r icmp -T fields -e frame.number -e ip.src -e ip.dst and the results are something like this: 1 74.125.132.188 138.96.192.56 2 74.125.132.188 138.96.192.56 3 138.96.192.56,74.125.132.188 74.125.132.188,138.96.192.56 4 138.96.192.56,74.125.132.188 74.125.132.188,138.96.192.56 5 74.125.132.188 138.96.192.56 6 138.96.192.56,74.125.132.188 74.125.132.188,138.96.192.56 7 74.125.132.188 138.96.192.56 8 138.96.192.56,74.125.132.188 74.125.132.188,138.96.192.56 9 74.125.132.188 138.96.192.56 10 138.96.192.56,74.125.132.188 74.125.132.188,138.96.192.56 11 74.125.132.188 138.96.192.56 12 138.96.192.56,74.125.132.188 74.125.132.188,138.96.192.56 so , like 3, 4, 6,8,10,12 , there are two src ip addr and dst ip addr what is the reason for this? thanks___________________________________________________________________________Sent via: Wireshark-users mailing list <wireshark-users () wireshark org Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- ICMP packets with two pairs of source and destination ip addresses? nangergong (Jun 06)
- Re: ICMP packets with two pairs of source and destination ip addresses? ronnie sahlberg (Jun 06)
- Re: ICMP packets with two pairs of source and destination ip addresses? nangergong (Jun 06)
- Re: ICMP packets with two pairs of source and destination ip addresses? Christopher Maynard (Jun 06)
- Re: ICMP packets with two pairs of source and destination ip addresses? nangergong (Jun 06)
- Re: ICMP packets with two pairs of source and destination ip addresses? ronnie sahlberg (Jun 06)