Wireshark-users: Re: [Wireshark-users] How to know which MAC address is the true client that conn
Does anyone know of a Trace to capture Symantec Endpoint Traffic?
Thanks.
Regards,
David Shephard SR Network Engineer
Information Systems, United Federation Of Teachers Welfare Fund
52 Broadway, 8th Floor
New York, NY 10004
Office-(212)-539-0640
Cell-(908)-468-9482
david.shephard@xxxxxxxxx
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Yorian Wiltjer
Sent: Tuesday, November 16, 2010 8:36 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] How to know which MAC address is the true client that connect to the wireless network?
2010/11/16 Chin Shi Hong <cshong87@xxxxxxxxx>:
>
>
> On Mon, Nov 15, 2010 at 9:01 PM, Yorian Wiltjer <zentinel17@xxxxxxxxx>
> wrote:
>>
>> Chin,
>>
>> A normal wireless access point bridges 802.3 (wired) to 802.11 (wireless).
>> Thanks to this bridge wireshark see both wiresless clients and wired
>> clients via the WAP.
>> I can think off two ways to get rid off the MAC's from wired cards.
>>
>> One unplug the WAP from your wired network.
>>
>> OR
>>
>> Use a router.
>> With a router all your wired MAC will be hidden behind the MAC off the
>> router.
>> Just a simple router would do.
>>
>> Hope its helps,
>> Yorian
>>
>>
>> 2010/11/14 Chin Shi Hong <cshong87@xxxxxxxxx>:
>> >
>> >
>> > On Sun, Nov 14, 2010 at 3:24 AM, Stephen Fisher
>> > <steve@xxxxxxxxxxxxxxxxxx>
>> > wrote:
>> >>
>> >> On Sat, Nov 13, 2010 at 10:24:05PM +0800, Chin Shi Hong wrote:
>> >>
>> >> > are the real wireless client that connect to the wireless network
>> >> > AA:BB:CC:DD:EE:FF, or it may be only one of them are the real
>> >> > wireless
>> >> > client connect to the wireless network AA:BB:CC:DD:EE:FF. How can I
>> >> > know which one is the real wireless client connected to wireless
>> >> > network AA:BB:CC:DD:EE:FF?
>> >>
>> >> I don't understand your question; why would any of the addresses not be
>> >> real ones?
>> >>
>> >>
>> >> ___________________________________________________________________________
>> >> Sent via: Wireshark-users mailing list
>> >> <wireshark-users@xxxxxxxxxxxxx>
>> >> Archives: http://www.wireshark.org/lists/wireshark-users
>> >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> >>
>> >> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>> >
>> > My "real wireless client" mean the computer connected to the network
>> > using
>> > wireless, not through other method.
>> >
>> > This is because I had done some testings. I tested with 2 computers.
>> > First
>> > computer connected to my wireless router by using wireless network
>> > adapter,
>> > while the second computer connected to my wireless router using wired
>> > connection. I had noticed that the MAC Address of the wired network
>> > adapter
>> > in second computer (the one using wired) are recorded as well, either as
>> > source address or destination address.
>> >
>> > This make me very hard to program my application to detect which MAC
>> > address
>> > is the MAC address of the wireless network adapter, not the wired
>> > network
>> > adapter.
>> >
>> >
>> > ___________________________________________________________________________
>> > Sent via: Wireshark-users mailing list
>> > <wireshark-users@xxxxxxxxxxxxx>
>> > Archives: http://www.wireshark.org/lists/wireshark-users
>> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> >
>> > mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>> >
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives: http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> I am using router, and wireshark still see the MAC address of wired
> computer.
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
How is your set up?
Internet
|
|
wired-------"Router"-------Wireless
network network
OR
wired--------switch----router---WAP---wireless network
network
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
*******************************************************************************
The views, opinions, and judgments expressed in this message are solely those of the author. The message contents have not been reviewed or approved by the UFT Welfare Fund.
*******************************************************************************