Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Wireshark gets the raw octets in the packets on a network from a network adapter (NIC) connected to that network, just as the networking stack on your machine (the software that implements TCP/IP) does. If a NIC on your machine didn't receive those packets, your machine wouldn't be able to communicate on the network to which that NIC is connected.

If you want to know how a NIC receives packets, you'll have to look up how that type of NIC works; that's not a Wireshark issue - Wireshark's just a user of the NIC.

If it's getting traffic that's not explicitly being sent to your machine and neither being broadcast nor multicast, the NIC is probably in promiscuous mode or monitor mode.