Wireshark-users: Re: [Wireshark-users] unique identifier for remote PC
From: "Pedro Tumusok" <pedro.tumusok@xxxxxxxxx>
Date: Sun, 25 Nov 2007 16:16:37 +0100
If you are doing it realtime, ie you are watching as the destination
computer is receving the data.
You could try to check the session tables on the gw router it should
tell you both dest and src ip of the session.


Pedro

On Nov 25, 2007 4:07 PM, d a <otto81494@xxxxxxxxx> wrote:
> I should have included more detail in my post.
>
> The connection between boths PCs would be via internet, not on a LAN.
>
> We are dealing with an "issue" at my work wherein information is being sent
> out from any one of many computer stations by an unknown employee.
>
>   I can monitor traffic using wireshark on the receiving computer via
> internet but need to find something in the data that will tell me which
> station sent the info. If I was behind the company gateway (which I cant do
> at this time), I could simply use the Mac address however when the data hits
> the internet, I end up with the ISP router MAC instead. I will have an
> opportunity to physically inspect all work stations later and Im looking for
> something in the data capture that will tell me when I find the right box.
>
> All PCs are using the same OS (WinXP) and are software similiar but not
> identical.
>
> Thanks
> D
>
>
>
> Pedro Tumusok <pedro.tumusok@xxxxxxxxx> wrote:
>
>  On Nov 24, 2007 9:59 PM, Bilal Alpertonga wrote:
> > Hello,
> >
> > I want to ask a question,
> > Why we can take MAC address of the router, not address of the PC,
> >
> > Which protocol makes this MAC change ?
> >
> > Regards,
> > ega
> >
>
> Most likely because MAC addresses are only used in a brodcast domain,
> ie it does not travers routers, because the router is an intermediate
> that needs to recevie the traffic before "forwarding" it out on the
> right interface.
> And there is nothing that says all points between 2 PC's on 2
> diffirent places on the internet uses Ethernet all the way to
> communicate.
>
> Or are you talking about your local lan?
> --
> Best regards / Mvh
> Jan Pedro Tumusok
>
> If I knew being here with you today,
> Would mean being alone tomorrow.
> I would gladly trade all of my tomorrows away
> For a moment with you.
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
>
>  ________________________________
> Get easy, one-click access to your favorites. Make Yahoo! your homepage.
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>



-- 
Best regards / Mvh
Jan Pedro Tumusok

If I knew being here with you today,
Would mean being alone tomorrow.
I would gladly trade all of my tomorrows away
For a moment with you.