3
votes

I'm new to the networking world and I'm trying to use Wireshark to get the hang of how packets are sent from my machine, etc. Hence this question might be a dumb one.

When I open the Wireshark packet analyzer GUI (on Windows 7) there is a source and destination column. It shows packets where the source IP is not mine and the destination IP is not mine either. Why is this happening? My network interface card should be receiving and sending only packets addressed to/sent from my IP address, right? (Attaching a screenshot. My IP address is 10.177.255.186)

wireshark screenshot

Thanks.

1
I don't know why my screenshot is not showing up. I uploaded it here: dropbox.com/s/xa7nvs9nuzcteym/Untitled.png - Poornima Prakash
Maybe the router has no way of knowing that your computer isn't connected to other machines with a second Ethernet card. Then it would be reasonable for it to try forwarding packets through your machine? I'm guessing. - Dan Ross
My machine is connected to the network through a LAN cable. Are you saying that my machine acts as a router and is passing packets around? I didn't know that is even possible! - Poornima Prakash
I'm not sure it's possible, I'm just guessing. Imagine if your machine was being used as a firewall between the main internet-connected router and an isolated router for vulnerable equipment that should never be exposed directly to the net. It would have two network cards, and it would pass traffic that wasn't its own. - Dan Ross
Your router has no way of knowing the layout of your network; it just tries to send packets anywhere it can in the hope that some of them will eventually hop to their destination before their time to live expires. I'm oversimplifying a bit, and I'm not an expert, but you get the idea. - Dan Ross

1 Answer

1
votes

On a small LAN all packets are generally broadcast to everyone. By broadcast I mean that the data is physically sent to everyone. When received, the network interface determines if the packet was sent to you by looking at the address.

Using Wireshark, your network interface can be set into promiscuous mode, which means that all packets are captured and sent from the network interface to the CPU. This allows programs like Wireshark to record all those packets and not just the ones addressed to your computer.

Edit: However, the packets don't have to be sent to all computers. A hub can be used to connect multiple computers together and acts as just a repeater, meaning all packets are always sent everywhere (except on the wire where the packet came from). A switch, however, is similar but smarter. If three computers A, B and C are connected to a switch and A sends a packet to B, then the packet will first arrive at the switch. If the switch knows what wire B is connected to, then it will only send it down that wire. If it doesn't know, it sends it everywhere, and later, if B replies to A, the switch will figure out what wire B is on. This means that C will generally never get to see any of the messages sent between A and B once the switch knows what wires A and B are on.
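
The hub and switch behaviour described in the answer above, as an added simulation that is not part of the original answer: hosts A, B and C follow the answer, while the port numbers and MAC addresses are constructed. It goes one step beyond the answer by including broadcast frames, which a switch always floods, so a capture on a switched LAN still shows some frames not addressed to the capturing machine.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeater: every frame leaves on every port except the one it came in on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]

class LearningSwitch(Hub):
    """Learns which port each source MAC is on and sends known unicast only there."""
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}  # MAC address -> port

    def forward(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port          # learn from the sender
        out = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out is None:    # broadcast or unknown: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]     # known: one wire only

# Constructed topology: hosts A, B, C on ports 1, 2, 3 (MACs are made up).
HOSTS = {"A": (1, "02:00:00:00:00:0a"),
         "B": (2, "02:00:00:00:00:0b"),
         "C": (3, "02:00:00:00:00:0c")}
PORT_TO_HOST = {port: name for name, (port, _) in HOSTS.items()}

def who_sees(device, sender, receiver):
    """Return the hosts whose NIC receives a frame sent from sender to receiver."""
    in_port, src = HOSTS[sender]
    dst = BROADCAST if receiver == "*" else HOSTS[receiver][1]
    return sorted(PORT_TO_HOST[p] for p in device.forward(in_port, src, dst))

def run(device):
    """A->B, B->A, A->B again, then a broadcast from A (e.g. an ARP request)."""
    steps = [("A", "B"), ("B", "A"), ("A", "B"), ("A", "*")]
    return [who_sees(device, s, r) for s, r in steps]

if __name__ == "__main__":
    for dev in (Hub([1, 2, 3]), LearningSwitch([1, 2, 3])):
        print(type(dev).__name__, run(dev))
```

On the hub, C receives every frame between A and B; on the switch, C receives only the first A-to-B frame (flooded while B's port is unknown) and the broadcast.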