Ask Your Question

ip source and destination appears to be backwards

asked 2019-02-07 17:04:57 +0000

jbpollard gravatar image

updated 2019-02-07 17:06:29 +0000

My ip.src filter doesn't seem to be working correctly It looks to be backwards. Or am I looking at the data flow backwards its suppose to be flowing from to

image description

edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted

answered 2019-02-07 18:21:26 +0000

Amato_C gravatar image

Try this display filter:

ip.src== && tcp.srcport==1911

The /20 in your display filter is causing both the and since both of these IP addresses are part of the network ( to

edit flag offensive delete link more

answered 2019-02-07 18:55:19 +0000

jbpollard gravatar image

That worked thanks!. Still confused is to why it shows the destination as because I am sending information out from that address and I have port 1911 blocked so shouldn't be able to send data to I am running wireshark on computer. Am I just confusing what the source and destination really is I am think from is source and to is destination.

edit flag offensive delete link more


Which answer helped! Your "answer" should be moved as a comment under the appropriate one.

grahamb gravatar imagegrahamb ( 2019-02-07 19:01:34 +0000 )edit

answered 2019-02-07 18:32:05 +0000

grahamb gravatar image

I think it's the tcp.srcport == 1911 element of your filter that's the issue, it's restricting traffic to the flow from that port. To see the traffic going in the other direction you'd have to either or tcp.srcport == 61140 to see both srcports, or change the port filter to tcp.port == 1911 to see any packet that uses that port either as source or destination.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2019-02-07 17:04:57 +0000

Seen: 1,741 times

Last updated: Feb 07 '19