Wireshark-users: Re: [Wireshark-users] How to correlate MAC and IP addresses

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Fri, 30 Aug 2013 15:21:02 +1000
Wireshark can't really do that, because like beauty, matching MAC to IP is in the eye of the beholder ;-)

As a simple example you might have two routers running VRRP or HSRP to provide next hop gateway redundancy, as well is ICMP redirect for good measure. In this case traffic for one IP address could have multiple MAC addresses, depending on whether you look at source or destination. All the relationships are valid, and can change over the time of the length of the capture. (Even an ARP response is only a point in time in match, and can "wrong" at any time afterwards).



Regards, Martin

MartinVisser99@xxxxxxxxx


On 30 August 2013 08:55, Hector Akamine <akamine@xxxxxxxxx> wrote:
Hi,
Is there any way to correlate the IP addresses and MAC addresses that appear in a capture file (ie., to produce a table showing the MAC address that corresponds to each IP that appears in the capture file)? 
Going to Statistics > Endpoint I can only get the list of MAC addresses or the list of IP addresses separately.


Thanks
Hector


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe