how to tell which computers are connected to the network if the computer is hidden via "file and printer sharing for ms networks" under properties under network connections asked 31 Oct '12, 18:14  wiresharkhel... |
2 Answers:
Your question addresses two topics "Which computers" and "file and printer sharing". From the network perspective you are probably more looking at hosts. A host can be anything, like a printer, a telephone, a computer or several other things. Identifying the computers (i. e. hosts) is easy: Statistics -> Endpoints gets you a list of MAC addresses. Each of address sending data (don't count Broadcast for the moment) translates to one host (or computer, if you don't have network printers, telephones etc). Usually you are more interested in the IP addresses used by these computers. The IP addresses are listed in the IPv4 tab, you should be able to tell your local addresses from the remote addresses contacted your systems. The "file and printer sharing" part probably means, that you want to identify computers running Microsoft Windows, or more generally speaking, computers running the NetBIOS/SMB/CIFS protocol family. This protocol family uses the following ports:
Depending on the systems configuration the workstation will announce their presence periodically through one or more protocols, even if they are hidden from your Windows Explorer. Just capture traffic for some time and apply the filter udp.port == 137 or udp.port == 138 or tcp.port == 139 or tcp.port == 445 Again, use Statistics -> Endpoints -> IPv4 and set a check mark "Limit to display filter". Voila. Good hunting! answered 01 Nov '12, 01:39  packethunter |
'file and printer sharing' does not hide any computer on the network it just makes printers and file shares available for others on the network. So, what are you actually looking for? Regards answered 01 Nov '12, 02:27  Kurt Knochner ♦ |
