I've been asked in a assignment to analyze a packet trace and determine what kind of VNIC the user has on his or her machine. I'm finding this to be quite difficult however; I'm not quite sure what to look for. I'd appreciate getting pointed in the right direction. I mean whether the connection is through ethernet or a wireless 802.11 card
Asked
Active
Viewed 128 times
0
-
Do you already have the trace file or do you need to run a capture first? – SidR Dec 06 '12 at 10:50
2 Answers
1
Do you mean the manufacturer of the Ethernet/WLAN card? The first 6 bytes of the Ethernet address are called the Organization Unique Identifier, and you can look them up here:
Barmar
- 741,623
- 53
- 500
- 612
-
No, sorry to not be clear. I meant whether the connection is through ethernet or a wireless 802.11 card – user1553248 Dec 06 '12 at 08:34
-
I don't think that can be determined from the packet contents. I think WiFi frames are the same as Ethernet. – Barmar Dec 06 '12 at 08:36
-
1
1
If you have the capture file with you already then open the file with wireshark, and on the display filter type "wlan", then click Apply to filter out 802.11 packets. The display filter expression for ethernet is "eth". If there are any packets on display after you apply the display filter, then there were packets that used the protocol. You can look into the packets with Wireshark to see the ethernet II or 802.11 header.
You can download some sample captures of 802.11 and Ethernet II from http://wiki.wireshark.org/SampleCaptures.
SidR
- 2,964
- 1
- 18
- 32