I'm currently studying for my test but I can't seem to figure this one out. I'm asked to figure out the source IP address out of this Wireshark frame (using the reference image only). How would I go about this?
Hint: the first 54 bytes *include* the [IP header](https://en.wikipedia.org/wiki/IP_header) and [TCP header](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure). The HTTP data starts at the 55th byte (`GET ...`). The source/destination IP addresses are in the IP header, and the source/destination port numbers are in the TCP header. Good luck with your test. – Remy Lebeau Jan 14 '21 at 23:26
1 Answer
Source IP address is 172.22.7.134.
e0 3f 49 09 60 68 c8 2a 14 55 eb bd 08 00 - The first 14 bytes are the layer 2 Ethernet frame.
The next 20 bytes belong to IP version 4, where you can get the source IP address and destination IP address.
45 - 1 Byte – version which is 4 and header length 5
00 – 1 Byte - DSCP value
01 a3 – 2 bytes – Total length : which is 419
18 84 – 2 bytes – identification
40 00 – flag and fragment offset
80 – time to live 128
06 – protocol : TCP (6)
00 00 – header checksum
ac 16 07 86 – Source IP address in hex which is 172.22.7.134 in dotted decimal format.
91 21 05 ad – Destination IP address in hex which is 145.33.5.173 in dotted decimal format.
Source IP address is 172.22.7.134 and your answer is located here,

Prasad 14723312
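The byte-by-byte walk-through in the answer above, as an added example that is not part of the original post: a small Python parser that unpacks the Ethernet II and IPv4 headers from the same 34 bytes. The function name `parse_frame` and the returned field names are chosen here for illustration, and the parser assumes an untagged Ethernet II frame (no 802.1Q VLAN tag).

```python
import ipaddress
import struct

# First 34 bytes of the frame, copied from the answer above.
FRAME_HEX = (
    "e0 3f 49 09 60 68 c8 2a 14 55 eb bd 08 00 "  # Ethernet II header (14 bytes)
    "45 00 01 a3 18 84 40 00 80 06 00 00 "         # IPv4 header, first 12 bytes
    "ac 16 07 86 91 21 05 ad"                      # source, destination address
)

ETH_LEN = 14
ETHERTYPE_IPV4 = 0x0800


def parse_frame(frame: bytes) -> dict:
    """Parse Ethernet II + IPv4 headers and return the decoded fields."""
    if len(frame) < ETH_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_LEN])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not IPv4: EtherType 0x{ethertype:04x}")
    (ver_ihl, _dscp_ecn, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack(
        "!BBHHHBBH4s4s", frame[ETH_LEN:ETH_LEN + 20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("malformed IPv4 header")
    return {
        "src_mac": src_mac.hex(":"),
        "dst_mac": dst_mac.hex(":"),
        "header_len": ihl * 4,           # IHL counts 32-bit words
        "total_len": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "ttl": ttl,
        "protocol": proto,               # 6 = TCP
        "checksum": checksum,
        "src_ip": str(ipaddress.IPv4Address(src)),
        "dst_ip": str(ipaddress.IPv4Address(dst)),
        # The TCP header starts here; IHL > 5 (IP options) shifts it.
        "l4_offset": ETH_LEN + ihl * 4,
    }


if __name__ == "__main__":
    for key, value in parse_frame(bytes.fromhex(FRAME_HEX)).items():
        print(f"{key}: {value}")
```

The `l4_offset` of 34 plus a 20-byte TCP header gives the 54 bytes mentioned in the comment on the question.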