Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2023-06-21 20:50:26 +0000

awagner gravatar image

Ethernet II contains unrelated src address

I've shown in yellow the src address that is unrelated to the selected packet. This address shows up in about 37% of my capture, again unrelated to the src listed in the packet selection. Should I be suspicious? Why would it be there?

Ethernet II contains unrelated src address

I've shown in yellow the src address that is unrelated to the selected packet. This address shows up in about 37% of my capture, again unrelated to the src listed in the packet selection. Should I be suspicious? Why would it be there?

Ethernet II, Src: 4130-JBH.JBHenderson.local (2c:b8:ed:2a:0f:14), Dst: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0) Destination: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0) Address: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast)

[strong textTHIS IS THE UNRELATED SRC] Source: 4130-JBH.JBHenderson.local (2c:b8:ed:2a:0f:14) Address: 4130-JBH.JBHenderson.local (2c:b8:ed:2a:0f:14) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800)

[THIS IS WHAT IS SHOWN IN THE PACKET LISTING] Internet Protocol Version 4, Src: SJC-efz.ms-acdc.office.com (52.96.69.66), Dst: 4662-JBH.JBHenderson.local (10.11.7.77) 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) Total Length: 1500 Identification: 0xd892 (55442) 010. .... = Flags: 0x2, Don't fragment ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 243 Protocol: TCP (6) Header Checksum: 0x1e8f [validation disabled] [Header checksum status: Unverified] Source Address: SJC-efz.ms-acdc.office.com (52.96.69.66) Destination Address: 4662-JBH.JBHenderson.local (10.11.7.77) enter code here

click to hide/show revision 3
None

updated 2023-06-21 21:33:49 +0000

Guy Harris gravatar image

Ethernet II contains unrelated src address

I've shown in yellow the src address that is unrelated to the selected packet. This address shows up in about 37% of my capture, again unrelated to the src listed in the packet selection. Should I be suspicious? Why would it be there?

Ethernet II, Src: 4130-JBH.JBHenderson.local (2c:b8:ed:2a:0f:14), Dst: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0)
    Destination: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0)
        Address: 4662-JBH.JBHenderson.local (c4:cb:e1:0c:dd:e0)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
 
[strong textTHIS (unicast)

[THIS IS THE UNRELATED SRC]
    Source: **Source: 4130-JBH.JBHenderson.local (2c:b8:ed:2a:0f:14)
        Address: 4130-JBH.JBHenderson.local (2c:b8:ed:2a:0f:14) (2c:b8:ed:2a:0f:14)**
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
 
(0x0800)

[THIS IS WHAT IS SHOWN IN THE PACKET LISTING]
Internet Protocol Version 4, Src: **Src: SJC-efz.ms-acdc.office.com (52.96.69.66), Dst: 4662-JBH.JBHenderson.local 4662-JBH.JBHenderson.local** (10.11.7.77)
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 1500
    Identification: 0xd892 (55442)
    010. .... = Flags: 0x2, Don't fragment
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 243
    Protocol: TCP (6)
    Header Checksum: 0x1e8f [validation disabled]
    [Header checksum status: Unverified]
    Source Address: SJC-efz.ms-acdc.office.com (52.96.69.66)
    Destination Address: 4662-JBH.JBHenderson.local (10.11.7.77)
 enter code here