This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Apple broadcast sniffed with tcpdump

0

Hey, i ran a sniff with tcpdump on my jailbroken iPhone running ios 8.1.2 and while reading it i found this

alt text

What is this?

asked 10 Jan '15, 10:37

LGMan's gravatar image

LGMan
11446
accept rate: 100%


One Answer:

0

Yes it's ARP and is expected, see the RFC, or read any basic networking book. The host with IP 192.168.1.101 (some Apple manufactured device) is looking for the gateway at 192.168.1.1 which appears to be a DLink device.

The Apple and D-LinkIn parts appear because you have "Resolve MAC Addresses" enabled for the capture which allows the manufacturer specific part of the MAC address to be resolved to the name.

answered 10 Jan '15, 14:18

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%