Source and Destination Packets on Wireshark Relative or Absolute?

Question

New in Packet Analysis. Sniffing on the Ethernet device of my computer.

Does the Source and Destination columns on Wireshark tell the source and destination from where the packet was originated and its final destination or do they tell about their first/last source and destination when going in/out of the ethernet device?

Is there a way to determine the complete route of the package? How?

score 2 · Accepted Answer · answered Jun 28 '13 at 18:25

2

Wireshark shows what's in the packet - as in, the source is where the packet is from, and the destination is where it's supposed to go. Basically, the address of an envelope and the return address. You'd be able to determine the number of hops based on its TTL, but you can't see the entire route of a packet with a sniffer.

answered Jun 28 '13 at 18:25

Nathan C

14,901
4
42
62

1

That was fast. So the source and destination of a packet is not rewritten on route. But its Time To Live (TTL) value on its header is reduced in every hop? – Ventolinmono Jun 28 '13 at 18:35
That is correct. – Nathan C Jun 28 '13 at 19:35

score 0 · Answer 2 · answered Jan 25 '17 at 16:34

The TCP/IP and OSI models are packet peer to peer architectures i.e. Frame layer sends and receives to Frame layer, Ethernet layer sends and receives to Ethernet layer and so on to the application layer. So the originating and final destinations will be in the Application (Session) layer of the WireShark packet.

If you are viewing a protocol like SIP you can see the path a packet has taken so far in the VIA header information.

Source and Destination Packets on Wireshark Relative or Absolute?

2 Answers2