RX and TX packets identification

asked 2019-10-11 09:56:33 +0000

vladinko0

When I am capturing packets on some interface, how can I detect which are RX and TX packets?


1 Answer


answered 2019-10-11 10:05:22 +0000

grahamb

Depends on the network technology in use, but for the most common Ethernet, Tx packets will have the MAC address of the interface as the source and Rx packets will have the MAC address as the destination.


Comments

I am monitoring wlan0. So if I have this:

Receiver address: Broadcast (ff:ff:ff:ff:ff:ff) 
Destination address: Broadcast (ff:ff:ff:ff:ff:ff)
Transmitter address: Ubiquiti_5c:4f:18 (00:15:6d:5c:4f:18)

Does it mean it is a TX packet?

vladinko0 ( 2019-10-11 10:28:34 +0000 )

Broadcasts (i.e. with a MAC address of all f) are a bit more difficult to work out.

In the case shown above, which is Wi-Fi not Ethernet, additional info is available which shows the MAC address of the transmitter (Transmitter address). All packets are effectively both Tx and Rx packets; generally what counts is who transmitted the packet and who was the intended recipient.

This also points out another issue when determining if a packet is an "Rx" packet, in that if the capture interface is in promiscuous mode (or monitoring for Wi-Fi), then the interface will "receive" packets not intended for that interface. Whether you count those as "Rx" packets is up to you.

grahamb ( 2019-10-11 10:44:08 +0000 )

How can I find out who has transmitted the packet? The interface is in monitoring mode. In the packet there is:

Source address: IntelCor_03:13:ee (60:6c:66:03:13:ee)

Does it mean IntelCor_03:13:ee (60:6c:66:03:13:ee) has transmitted the packet?

vladinko0 ( 2019-10-11 11:04:48 +0000 )

Yes. That is the MAC address of the interface used on the packet transmitter.

grahamb ( 2019-10-11 11:38:59 +0000 )

But in some packets I don't have a Source address, just a Receiver address:

Type/Subtype: Acknowledgement (0x001d)
Receiver address: SamsungE_6e:f9:7f (a8:9f:ba:6e:f9:7f)

Is it possible to find out who has transmitted the packet?

vladinko0 ( 2019-10-11 12:28:20 +0000 )
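
An added example, not part of the original thread: a sketch of the address comparison discussed above, applied to raw 802.11 MAC headers and one chosen local MAC. It assumes frames without a radiotap header; the function names and result labels are hypothetical, the sample frames are constructed from the addresses quoted in the thread, and it relies on ACK and CTS control frames carrying only a receiver address.

```python
# Added example: classify a raw 802.11 MAC header relative to one local MAC.
# Assumption: no radiotap header precedes the frame; labels are this example's own.
NO_TRANSMITTER_SUBTYPES = {12, 13}  # control subtypes CTS and ACK: Address 1 only


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_addresses(frame: bytes):
    """Return (receiver, transmitter or None) from an 802.11 MAC header."""
    if len(frame) < 10:
        raise ValueError("too short for an 802.11 header")
    ftype = (frame[0] >> 2) & 0x3      # 0 = management, 1 = control, 2 = data
    subtype = (frame[0] >> 4) & 0xF
    receiver = fmt_mac(frame[4:10])    # Address 1 (Receiver address)
    if ftype == 1 and subtype in NO_TRANSMITTER_SUBTYPES:
        return receiver, None          # no Transmitter address in the header
    if len(frame) < 16:
        raise ValueError("truncated before Address 2")
    return receiver, fmt_mac(frame[10:16])  # Address 2 (Transmitter address)


def classify(frame: bytes, local_mac: str) -> str:
    local = local_mac.lower()
    receiver, transmitter = parse_addresses(frame)
    if transmitter == local:
        return "tx"
    if receiver == local:
        return "rx"
    if int(receiver[:2], 16) & 1:      # group bit set: broadcast or multicast
        return "rx-group"
    return "overheard" if transmitter else "overheard-unknown-transmitter"


# Constructed sample frames using the MAC addresses quoted in the thread.
AP, STA, PEER = "00:15:6d:5c:4f:18", "60:6c:66:03:13:ee", "a8:9f:ba:6e:f9:7f"
BEACON = (bytes.fromhex("80000000") + mac_bytes("ff:ff:ff:ff:ff:ff")
          + mac_bytes(AP) + mac_bytes(AP) + b"\x00\x00")
ACK = bytes.fromhex("d4000000") + mac_bytes(PEER)
DATA = (bytes.fromhex("08010000") + mac_bytes(AP) + mac_bytes(STA)
        + mac_bytes(PEER) + b"\x00\x00")
```

In monitor mode most frames fall into the two "overheard" categories, which matches the point in the thread that the interface receives frames not intended for it.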


Stats

Asked: 2019-10-11 09:56:33 +0000

Seen: 37 times

Last updated: Oct 11