Wireshark · Wireshark-users: Re: [Wireshark-users] [Winpcap-users] Http addressing with Ethereal

Wireshark-users: Re: [Wireshark-users] [Winpcap-users] Http addressing with Ethereal

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 3 Jul 2007 16:56:56 -0700


On Jul 3, 2007, at 1:07 PM, ceo@xxxxxxxxxxxxx wrote:

When I try to trace Ethereal tcp packets containing HTTP protocol, Isee that the addressing (in the first column), do not follow theaddressing of the whole packet but its specific to the HTTP data.

This is a Wireshark (the new name for Ethereal, as of a little over ayear ago) issue, not a WinPcap issue; I'm redirecting it to thewireshark-users mailing list, which is the list where questions aboutWireshark should be asked. Further discussion should take place onthat list. See


	http://www.wireshark.org/lists/

for information on Wireshark mailing lists.

What do you mean by "follow the addressing of the whole packet" and"specific to the HTTP data"?

The first column is probably the frame number, and the second columnis usually the packet time stamp. Do you mean the third column? Ifso, that's usually the source IP address, which would be the IPaddress that sent the packet; IP has no idea whether it's sending HTTPor not. An IP datagram has an IP address; there is no notion thatpart of one IP datagram has one IP address and another part hasanother address, so the only addressing is "the addressing of thewhole packet" - there's no addressing specific to the HTTP data.

Follow-Ups:
- Re: [Wireshark-users] [Winpcap-users] Http addressing with Ethereal
  - From: ceo

Prev by Date: [Wireshark-users] [ANNOUNCE] WinPcap 4.1 beta has been released
Next by Date: Re: [Wireshark-users] [Winpcap-users] Http addressing with Ethereal
Previous by thread: [Wireshark-users] [ANNOUNCE] WinPcap 4.1 beta has been released
Next by thread: Re: [Wireshark-users] [Winpcap-users] Http addressing with Ethereal
Index(es):
- Date
- Thread