Help in understanding Wireshark


3 replies to this topic

#1 emeries13

emeries13

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:34 AM

Posted 09 December 2016 - 07:31 PM

hi guys,

 

I live in Australia and I have been using Wireshark to keep an eye on my internet connections etc. I'm not too tech savvy with computers but I try my best.

 

Can someone tell me why I'm seeing IP addresses that are located in the US and also in Amsterdam when I'm in Australia? I'm not using any VPN apps or anything like that, so I'm curious why I'm seeing these IP addresses. Is it normal that your router communicates with another country?

 

cheers jarrod

 

Frame 58: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
    Interface id: 0 (\Device\NPF_{73E0AB06-418F-41EB-907C-2188D15645C3})
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 10, 2016 11:15:43.400211000 AUS Eastern Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1481328943.400211000 seconds
    [Time delta from previous captured frame: 0.051074000 seconds]
    [Time delta from previous displayed frame: 0.051074000 seconds]
    [Time since reference or first frame: 5.846474000 seconds]
    Frame Number: 58
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: mygateway.gateway (e0:b9:e5:6d:67:f8), Dst: emeries-pc.gateway (d8:5d:e2:95:1e:0f)
    Destination: emeries-pc.gateway (d8:5d:e2:95:1e:0f)
    Source: mygateway.gateway (e0:b9:e5:6d:67:f8)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 162.125.34.129 (162.125.34.129), Dst: emeries-pc.gateway (10.0.0.70)
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 40
    Identification: 0xca23 (51747)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 48
    Protocol: TCP (6)
    Header checksum: 0xb168 [validation disabled]
    [Header checksum status: Unverified]
    Source: 162.125.34.129 (162.125.34.129)
    Destination: emeries-pc.gateway (10.0.0.70)
    [Source GeoIP: San Francisco, CA, 37.769699, -122.393303]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: https (443), Dst Port: 61116 (61116), Seq: 258, Ack: 898, Len: 0
 
Frame 77: 139 bytes on wire (1112 bits), 139 bytes captured (1112 bits) on interface 0
    Interface id: 0 (\Device\NPF_{73E0AB06-418F-41EB-907C-2188D15645C3})
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 10, 2016 11:15:49.954897000 AUS Eastern Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1481328949.954897000 seconds
    [Time delta from previous captured frame: 0.024695000 seconds]
    [Time delta from previous displayed frame: 0.024695000 seconds]
    [Time since reference or first frame: 12.401160000 seconds]
    Frame Number: 77
    Frame Length: 139 bytes (1112 bits)
    Capture Length: 139 bytes (1112 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:ssl]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: emeries-pc.gateway (d8:5d:e2:95:1e:0f), Dst: mygateway.gateway (e0:b9:e5:6d:67:f8)
    Destination: mygateway.gateway (e0:b9:e5:6d:67:f8)
    Source: emeries-pc.gateway (d8:5d:e2:95:1e:0f)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: emeries-pc.gateway (10.0.0.70), Dst: 137.116.173.181 (137.116.173.181)
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 125
    Identification: 0x475e (18270)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x71ad [validation disabled]
    [Header checksum status: Unverified]
    Source: emeries-pc.gateway (10.0.0.70)
    Destination: 137.116.173.181 (137.116.173.181)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Hong Kong, 00, 22.283300, 114.150002]
Transmission Control Protocol, Src Port: 51588 (51588), Dst Port: https (443), Seq: 1, Ack: 1, Len: 85
Secure Sockets Layer
 
Frame 185: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
    Interface id: 0 (\Device\NPF_{73E0AB06-418F-41EB-907C-2188D15645C3})
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 10, 2016 11:16:14.174200000 AUS Eastern Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1481328974.174200000 seconds
    [Time delta from previous captured frame: 0.062293000 seconds]
    [Time delta from previous displayed frame: 0.062293000 seconds]
    [Time since reference or first frame: 36.620463000 seconds]
    Frame Number: 185
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: emeries-pc.gateway (d8:5d:e2:95:1e:0f), Dst: mygateway.gateway (e0:b9:e5:6d:67:f8)
    Destination: mygateway.gateway (e0:b9:e5:6d:67:f8)
    Source: emeries-pc.gateway (d8:5d:e2:95:1e:0f)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: emeries-pc.gateway (10.0.0.70), Dst: 64.4.23.176 (64.4.23.176)
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 40
    Identification: 0x64ba (25786)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x341c [validation disabled]
    [Header checksum status: Unverified]
    Source: emeries-pc.gateway (10.0.0.70)
    Destination: 64.4.23.176 (64.4.23.176)
    [Source GeoIP: Unknown]
    [Destination GeoIP: San Jose, CA, 37.338799, -121.891403]
        [Destination GeoIP City: San Jose, CA]
        [Destination GeoIP Latitude: 37.338799]
        [Destination GeoIP Longitude: -121.891403]
Transmission Control Protocol, Src Port: 51286 (51286), Dst Port: 40022 (40022), Seq: 1, Ack: 3, Len: 0
 
There's a few that I wonder about.




#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:34 PM

Posted 09 December 2016 - 08:44 PM

Yes it's normal for your router to communicate all over the world. The internet is an interconnected series of machines spread over the planet, not a local service.

 

Here are the IP addresses you captured in these excerpts.

 

https://who.is/whois-ip/ip-address/137.116.173.181

https://who.is/whois-ip/ip-address/64.4.23.176

https://who.is/whois-ip/ip-address/162.125.34.129

 

As you can see there's nothing to worry about there. If you are wondering who an IP address belongs to you can always search it at

 

https://who.is

 

Regards

 

TsVk!
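
Added example (not part of either post): a short Python script that reads the IPv4 and TCP summary lines of the capture in the first post and lists the public address and remote-side port of each packet, which gives the set of addresses to look up as the reply above suggests. The function names and the choice of 80/443 as "web ports" are assumptions of this example.

```python
import ipaddress
import re

# Summary lines copied from the three frames in the first post
# (Wireshark verbose text output with name resolution enabled).
SAMPLE = """\
Internet Protocol Version 4, Src: 162.125.34.129 (162.125.34.129), Dst: emeries-pc.gateway (10.0.0.70)
Transmission Control Protocol, Src Port: https (443), Dst Port: 61116 (61116), Seq: 258, Ack: 898, Len: 0
Internet Protocol Version 4, Src: emeries-pc.gateway (10.0.0.70), Dst: 137.116.173.181 (137.116.173.181)
Transmission Control Protocol, Src Port: 51588 (51588), Dst Port: https (443), Seq: 1, Ack: 1, Len: 85
Internet Protocol Version 4, Src: emeries-pc.gateway (10.0.0.70), Dst: 64.4.23.176 (64.4.23.176)
Transmission Control Protocol, Src Port: 51286 (51286), Dst Port: 40022 (40022), Seq: 1, Ack: 3, Len: 0
"""

IP_LINE = re.compile(r"Internet Protocol Version 4, Src: ([^,]+), Dst: ([^,]+)")
TCP_LINE = re.compile(r"Transmission Control Protocol, Src Port: ([^,]+), Dst Port: ([^,]+)")


def _addr(field):
    # "name (10.0.0.70)" or a bare "10.0.0.70": take the last IPv4 literal.
    return ipaddress.ip_address(re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", field)[-1])


def _port(field):
    # "https (443)" or a bare "443": take the last run of digits.
    return int(re.findall(r"\d+", field)[-1])


def remote_endpoints(text):
    """List (packet direction, public IP, port on the public side) per TCP packet."""
    flows, pair = [], None
    for line in text.splitlines():
        ip, tcp = IP_LINE.match(line.strip()), TCP_LINE.match(line.strip())
        if ip:
            pair = (_addr(ip.group(1)), _addr(ip.group(2)))
        elif tcp and pair:
            src, dst = pair
            if src.is_private and not dst.is_private:    # LAN host -> internet
                flows.append(("sent", str(dst), _port(tcp.group(2))))
            elif dst.is_private and not src.is_private:  # internet -> LAN host
                flows.append(("received", str(src), _port(tcp.group(1))))
            pair = None
    return flows


if __name__ == "__main__":
    for direction, ip, port in remote_endpoints(SAMPLE):
        note = "" if port in (80, 443) else "  <- not a web port"
        print(f"{direction:8} {ip:15} tcp/{port}{note}")
```

The port reported is always the one on the remote side, so a received packet from port 443 is a reply on an HTTPS connection rather than something connecting in to the PC.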



#3 emeries13

emeries13
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:34 AM

Posted 09 December 2016 - 09:01 PM

thanks for that, much appreciated.

 

jarrod



#4 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:34 PM

Posted 09 December 2016 - 09:25 PM

You're welcome. :)





