I've been using Ethereal/Wireshark for many years. Today I've been using Wireshark 1.8.2 to look at UDP packets between an embedded device I am developing and a PC. Everything works OK, except the Source and Destination IP addresses seem to be swapped on the display. Actually the TCP source/destination seem swapped as well. When looking at the Ethernet II header display, the source and Destination are swapped there as well.
Win XP 32bit.
The ICMP (ping) display looks fine
When you say that the IP addresses, the TCP source/destination, and the Ethernet addresses are ALL swapped, it sounds like they all match the appropriate device. So, when Wireshark says that a particular packet is FROM the PC and TO the embedded device, what makes you think that it's really the other way around? Is it possible that you've accidentally dragged either the source or destination columns so that the destination column is before the source column?
answered 21 Sep '12, 09:27