ip source and destination appears to be backwards

asked 2019-02-07

jbpollard

updated 2019-02-07 17:06:29 +0000

My ip.src filter doesn't seem to be working correctly It looks to be backwards. Or am I looking at the data flow backwards its suppose to be flowing from to

image description

3 Answers

answered 2019-02-07

Amato_C

Try this display filter:

ip.src== && tcp.srcport==1911

The /20 in your display filter is causing both the and since both of these IP addresses are part of the network ( to

answered 2019-02-07

grahamb

I think it's the tcp.srcport == 1911 element of your filter that's the issue, it's restricting traffic to the flow from that port. To see the traffic going in the other direction you'd have to either or tcp.srcport == 61140 to see both srcports, or change the port filter to tcp.port == 1911 to see any packet that uses that port either as source or destination.

answered 2019-02-07

jbpollard

That worked thanks!. Still confused is to why it shows the destination as because I am sending information out from that address and I have port 1911 blocked so shouldn't be able to send data to I am running wireshark on computer. Am I just confusing what the source and destination really is I am think from is source and to is destination.

Which answer helped! Your "answer" should be moved as a comment under the appropriate one.

grahamb ( 2019-02-07 )

Asked: 2019-02-07

