sockets - Wireshark conversation list sides -

-

when wireshark conversation list opened (statistics ->conversation list) wireshark showing column of "packets a->b" , column of "packets b->a". when i'm sniffing on 1 side of traffic (physically) can see half mac addresses have traffic on "a->b" , not on "b->a" , other half other way around, makes sense, because sniffed on 1 side of conversations.

the question is: how wireshark decide address call "side a" , address call "side b"? it's easy see described above doesn't depend on side sent more packets/sent first packet , find hard believe decided randomally.

any appreciated.

looking @ the code fills list (ui/gtk/conversations_table.c:1726):

gtk_list_store_insert_with_values(store, &iter, g_maxint,         conv_column_src_addr, src_addr,         conv_column_src_port, src_port,         conv_column_dst_addr, dst_addr,         conv_column_dst_port, dst_port,         conv_column_packets,  conv_item->tx_frames+conv_item->rx_frames,         conv_column_bytes,    conv_item->tx_bytes+conv_item->rx_bytes,         conv_column_pkt_ab,   conv_item->tx_frames,         conv_column_bytes_ab, conv_item->tx_bytes,         conv_column_pkt_ba,   conv_item->rx_frames,         conv_column_bytes_ba, conv_item->rx_bytes,         conv_column_start,    start_time,         conv_column_duration, duration,         conv_column_bps_ab,   tx_ptr,         conv_column_bps_ba,   rx_ptr,         conv_index_column,    idx,         -1);

…we can see internally, don't use "address a" , "address b"—it's "source" , "destination" addresses of packet. can see "a→b" columns show tx (i.e. transmitted, outgoing) counts while "b→a" columns show rx (i.e. received, incoming) counts.


Comments

Post a Comment

Popular posts from this blog

html - Styling progress bar with inline style -

-
i trying set progress bar color red using inline style. need in way because have access <body> part of document. style need apply: progress { color: red } progress::-moz-progress-bar { background: red;} progress::-webkit-progress-value { background: red; } progress[aria-valuenow]:before { background: red; } i tried <progress style="background: red;"> incorrect effect, progress bar color turns blue red background. guide right direction desired style? thank in advance. here live example: https://jsfiddle.net/z36d3f6l/
Read more

java - Oracle Sql developer error: could not install some modules -

-
i have downloaded fresh copy of sqldeveloper ( sqldeveloper-4.1.3.20.78-no-jre ) oracle website. when unzip , lauch gui, keep getting following error message: warning - not install modules: dynamic module config - no module providing capability org.netbeans.netbinox found. my system: windows 7 32 bit hp probook. jdk 1.6 , 1.7, 1.8 available in java/jdk subdirectory. netbeans 8.0.2 installed finally got way out after dirty hours. extracted sqldeveloper zip in nested directory. i.e: e://a/b/c/sqldeveloper. starting sqldeveloper gui above directory threw erros. solution: go in c:\users**username**\appdata\roaming : delete sql developer , sqldeveloper folders extract sql developer zip in new non nested directory. i.e: e:// start , should work now reference: https://community.oracle.com/thread/3870680?start=0&tstart=0
Read more

How to use autoclose brackets in Jupyter notebook? -

-
this may sound silly question, how make use of autoclose brackets in jupyter notebook? example, when type print( jupyter notebook auto-closes brakets print() and places cursor inside. type argument, say print(1 + 1) now cursor between second 1 , right bracket ) . key navigate right of ) ? of course can press end or → or ) achieve this, not seem save time, purpose of brackets autoclose suppose? thanks in advance.
Read more