This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to resolve addresses in Wireshark?

0

I am trying to open a .cap file using Wireshark. I am facing problems with respect to the source and destination IP addresses. I obtained this .cap file by capturing network traffic using Microsoft Network Monitor. The .cap file when opened in Network Monitor displays the corresponding IP addresses. How do I obtain the same in Wireshark?

asked 04 Apr '11, 10:41

Bruce
11447
accept rate: 0%


2 Answers:

2

To see IP addresses, Wireshark has to see IP traffic. It's saying "IEEE 802.11", which means Wireshark is seeing the 802.11 headers, but it's not seeing anything past that, such as IP headers.

Is that traffic encrypted (WEP, WPA, WPA2)? If so, to see IP traffic, Wireshark needs to be able to decrypt the traffic, so you'd have to tell it the password for the network; see the How To Decrypt 802.11 page in the Wireshark Wiki.

answered 05 Apr '11, 14:06

Guy Harris ♦♦
17.4k335196
accept rate: 19%

@Guy: Yes, the traffic is encrypted. Also I should have mentioned this in the question but I connect to the Internet via a wireless AP.

(07 Apr '11, 23:32) Bruce
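
The check described in the answer above, as an added example that is not part of the original thread: it reads the 802.11 Frame Control field and reports whether a data frame's payload is protected (so no IP layer can be dissected without the key) or carries a clear LLC/SNAP header. The function names and the sample frames are constructed for illustration, and the input is assumed to start at Frame Control with no radiotap header and no FCS.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
LLC_SNAP = bytes.fromhex("aaaa03000000")  # LLC + SNAP prefix before the EtherType

def classify_80211(frame: bytes) -> str:
    """Report what can be dissected past the 802.11 MAC header."""
    if len(frame) < 24:
        return "truncated"
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 2:
        return "not a data frame"
    if subtype & 0x4:
        return "null data (no payload)"
    if flags & 0x40:  # Protected Frame bit: WEP/TKIP/CCMP payload follows
        return "protected: payload encrypted, key needed to reach IP"
    hdr_len = 24
    if (flags & 0x03) == 0x03:  # ToDS and FromDS both set: Address 4 present
        hdr_len += 6
    if subtype & 0x8:  # QoS data: 2-byte QoS Control field
        hdr_len += 2
        if flags & 0x80:  # Order bit on a QoS frame: 4-byte HT Control field
            hdr_len += 4
    body = frame[hdr_len:]
    if len(body) >= 8 and body[:6] == LLC_SNAP:
        (ethertype,) = struct.unpack("!H", body[6:8])
        return "clear: " + ETHERTYPES.get(ethertype, f"ethertype 0x{ethertype:04x}")
    return "clear: non-SNAP payload"

def mac_header(fc0: int, flags: int, qos: bool = False) -> bytes:
    """Build a constructed MAC header: FC, duration, 3 addresses, seq ctl."""
    hdr = bytes([fc0, flags]) + bytes(2) + bytes(18) + bytes(2)
    return hdr + (bytes(2) if qos else b"")

# Constructed sample frames (not taken from the capture in the question).
CLEAR_IPV4 = mac_header(0x08, 0x01) + LLC_SNAP + b"\x08\x00" + b"\x45" + bytes(19)
PROTECTED_QOS = mac_header(0x88, 0x41, qos=True) + bytes(8) + bytes(32)
BEACON = mac_header(0x80, 0x00) + bytes(12)

if __name__ == "__main__":
    for name, f in [("clear", CLEAR_IPV4), ("protected", PROTECTED_QOS), ("beacon", BEACON)]:
        print(f"{name:10s} {classify_80211(f)}")
```
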

1

That depends on name resolution settings, see here.

answered 04 Apr '11, 22:32

Jaap ♦
11.7k16101
accept rate: 14%

@Jaap: How do I enable ARP name resolution? I can't see it in preferences. Or did ARP name resolution fail in my case?

(05 Apr '11, 05:56) Bruce