I've shown in yellow the src address that is unrelated to the selected packet. This address shows up in about 37% of my capture, again unrelated to the src listed in the packet selection. Should I be suspicious? Why would it be there?
1 | initial version |
I've shown in yellow the src address that is unrelated to the selected packet. This address shows up in about 37% of my capture, again unrelated to the src listed in the packet selection. Should I be suspicious? Why would it be there?
I've shown in yellow the src address that is unrelated to the selected packet. This address shows up in about 37% of my capture, again unrelated to the src listed in the packet selection. Should I be suspicious? Why would it be there?
Ethernet II, Src: 4130-JBH.JBHenderson.local (2c:b8:ed:2a:0f:14), Dst: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0) Destination: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0) Address: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
[strong textTHIS IS THE UNRELATED SRC] Source: 4130-JBH.JBHenderson.local (2c:b8:ed:2a:0f:14) Address: 4130-JBH.JBHenderson.local (2c:b8:ed:2a:0f:14) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800)
[THIS IS WHAT IS SHOWN IN THE PACKET LISTING] Internet Protocol Version 4, Src: SJC-efz.ms-acdc.office.com (52.96.69.66), Dst: 4662-JBH.JBHenderson.local (10.11.7.77) 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) Total Length: 1500 Identification: 0xd892 (55442) 010. .... = Flags: 0x2, Don't fragment ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 243 Protocol: TCP (6) Header Checksum: 0x1e8f [validation disabled] [Header checksum status: Unverified] Source Address: SJC-efz.ms-acdc.office.com (52.96.69.66) Destination Address: 4662-JBH.JBHenderson.local (10.11.7.77) enter code here
I've shown in yellow the src address that is unrelated to the selected packet. This address shows up in about 37% of my capture, again unrelated to the src listed in the packet selection. Should I be suspicious? Why would it be there?
Ethernet II, Src: 4130-JBH.JBHenderson.local (2c:b8:ed:2a:0f:14), Dst: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0)
Destination: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0)
Address: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address [strong textTHIS