This should allow you to identify the protocol and physical interface through which they are connected, because you'll see both as fields of the frames which the display filter selects. If you are lucky, the actual detection of network neighbourhood takes place only after you open that window.Īfter the ghost devices show up, you would stop the capture and apply a display filter eth.addr = 00:08:15:00:08:15 (of course using the MAC address of the ghost device you are trying to identify). The IP address can be statically assigned to a NIC through system specific configuration, or dynamically. One machine can have a lot of IP addresses, as a machine can have more than one NIC, and a NIC can have more than one IP address (however, that's not widely used). Finding this out is what you can use Wireshark for - on a freshly rebooted Windows machine, start a Wireshark capture on all available network interfaces first, and then go Windows Explorer -> Network. Every NIC used to communicate through IP, must have at least one IP address. All of these IPs are devices connected to the LAN (192.168.1.0/24). I will leave the network config in the guest to Perry. The NIC in the vm should get a 10.x x.x address if you set it to NAT and some other IP if you set it to bridged (depending on what your DHCP server hands out). The addresses displayed here were dynamically assigned by the DHCP server in the LAN. 127.0.0.1 will be the IP of the loopback adapter. The output shows the IP, the MAC addresses, and their assignation type. If DHCP is unchecked, its my understanding that this management MAC address should not be showing up in wireshark captures trying to retrieve dhcp addresses every couple of seconds. Or they may use IP but be connected to some other network interface of your PC than the one which looks towards the router. The first IP address shown in the display is the Gateway (the same we found through the ipconfig command). Look at the CMC setup tab of the IOAs and you will see that Enable DHCP is UNCHECKED and a static IP address is entered. Too much is unknown about your network, so the fact that the home router does cannot see the MACs may be because the devices use some other protocol other than IP, so your PC can detect them using that protocol while your router cannot because it uses only IP and below. Wireshark passively shows you the contents of packets it can see on the network interfaces, so unless the devices write something like "I am a refrigerator " into the packets they send, Wireshark can only assist your own investigation what those devices are.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |