Question

I am new to PCAP file format. Does the file have the routing information regarding the routing from the src ip to the destination ip?

I want to know if routing is going through a specific route, and how often.


Solution

Does the file have the routing information regarding the routing from the src ip to the destination ip?

Not in general.

The file has packets taken directly from the network, so, for example, if you captured an IP packet on an Ethernet, it would have the Ethernet source and destination addresses, which are the Ethernet address of the machine that sent the packet on that network and the Ethernet address of the machine on that network to which it was sent, and the IP source and destination addresses, which are the IP address of the machine that originally sent the packet and the IP address of the machine to which the packet is ultimately being sent.

The Ethernet addresses give the source and destination of one particular routing hop; the other routing hop information is not, in general, available.

The only way in which you'd have some routing information would be if the IPv4 header had the "record route" option, in which case each host that routed the packet would add its IP address to the list of IP addresses in that option. However, packets only very rarely have that option (and you'd probably have to modify the program sending the packet in order for it to have that option!) and, if the packet does have that option, it will only show the hosts through which the packet has already been routed, not the hosts through which the packet will next be routed on the path to the destination host.

If you want to know the routing path from a given IP address to another IP address, you'd need to use the traceroute command on UN*X, or the tracert command on Windows, on the source host, and hope that it works (the packets it sends might not cause the appropriate ICMP Time Exceeded message to be sent back; traceroute and tracert depend on it being sent).
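To check whether a captured packet carries the "record route" option described above, the following added example (not part of the original answer) parses the IPv4 options of one raw frame and returns the hops recorded so far. It assumes Ethernet II framing; `recorded_route`, `sample_frame` and `RR_OPTION` are hypothetical names, and the sample frame is constructed with documentation addresses.

```python
import ipaddress
import struct

IPOPT_EOL, IPOPT_NOP, IPOPT_RR = 0, 1, 7  # IPv4 option types (RFC 791)

def recorded_route(frame: bytes):
    """Return (src, dst, hops) for one Ethernet II frame carrying IPv4.
    hops is the list of addresses already written into a Record Route
    option, or None when the packet carries no such option (the usual case).
    """
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an Ethernet II frame carrying IPv4")
    ip = frame[14:]
    header_len = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or not 20 <= header_len <= len(ip):
        raise ValueError("bad IPv4 header")
    src = str(ipaddress.IPv4Address(ip[12:16]))
    dst = str(ipaddress.IPv4Address(ip[16:20]))
    opts, i, hops = ip[20:header_len], 0, None
    while i < len(opts) and opts[i] != IPOPT_EOL:
        if opts[i] == IPOPT_NOP:          # one-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed option length")
        kind, length = opts[i], opts[i + 1]
        if kind == IPOPT_RR:
            if length < 3:
                raise ValueError("Record Route option too short")
            ptr = opts[i + 2]             # 1-based offset of the next free slot
            if not 4 <= ptr <= length + 1 or (ptr - 4) % 4:
                raise ValueError("bad Record Route pointer")
            filled = opts[i + 3:i + ptr - 1]
            hops = [str(ipaddress.IPv4Address(filled[j:j + 4]))
                    for j in range(0, len(filled), 4)]
        i += length
    return src, dst, hops

def sample_frame(options: bytes = b"") -> bytes:
    """Constructed test frame (zeroed MACs and checksum, documentation IPs)."""
    ihl = (20 + len(options)) // 4
    ip = bytes([0x40 | ihl, 0]) + struct.pack("!HHHBBH", 20 + len(options), 0, 0, 64, 1, 0)
    ip += ipaddress.IPv4Address("192.0.2.10").packed
    ip += ipaddress.IPv4Address("198.51.100.20").packed
    return bytes(12) + b"\x08\x00" + ip + options

# Constructed option: three slots, two filled (pointer 12), padded with EOL.
RR_OPTION = (bytes([IPOPT_RR, 15, 12]) + ipaddress.IPv4Address("192.0.2.1").packed
             + ipaddress.IPv4Address("203.0.113.1").packed + bytes(4) + bytes([IPOPT_EOL]))
```

The unfilled third slot is not reported, which matches the point above: the option only lists hosts the packet has already passed through.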

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow