Ask Your Question
0

How to find the make and model of a local router? [closed]

asked 2019-12-02 19:32:52 +0000

losa2 gravatar image

updated 2019-12-05 20:33:50 +0000

Hello, I have a pcap file with about 1500 packets that I am using to figure out the make and model of the router used when my professor captured these packets.

I am completely new to wireshark and only know what a very limited amount of filters do. If anyone has any idea of a filter I could use to find this information it would be greatly appreciated.

Also, if someone does know of which filters to use, could they please provide an explanation? I'm new to this kind of stuff and want to learn as much as I can!

Thanks so much

EDIT: I figured it out. All I had to do was follow the TCP stream for a conversation between the "intruder's" device IP address and the router IP address.

There was a whole scenario for this assignment and I think it would be a waste of time if I explained the whole thing... which is why I'm closing this thread.

Thanks to the people who offered their opinions! They helped me come to the realization that I was being an idiot.

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by losa2
close date 2019-12-09 16:47:30.955735

Comments

Do you have a plan for how to narrow down the 1500 packets to one that has info on the router?
Look at Statistics->Conversations and Statistics->Endpoints then make a diagram of what you learned about the network.

Chuckc gravatar imageChuckc ( 2019-12-03 23:13:56 +0000 )edit

@losa2,

The convention here is that you accept an answer by clicking the checkmark icon to the left of it and you don't close the question.

grahamb gravatar imagegrahamb ( 2019-12-04 11:25:34 +0000 )edit

@grahamb thanks. good thing it won't let me accept an answer since I don't have enough points. What do you suggest I do?

losa2 gravatar imagelosa2 ( 2019-12-05 20:35:36 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-12-05 20:33:54 +0000

losa2 gravatar image

Follow the TCP stream between the router and the user's IP addresses.

edit flag offensive delete link more

Comments

this is the right answer

losa2 gravatar imagelosa2 ( 2019-12-05 20:34:37 +0000 )edit
0

answered 2019-12-03 03:39:00 +0000

updated 2019-12-03 22:15:38 +0000

Hi,

There are two protocols that I can think off the top of my head that could be present in your capture where that information can be.

First one is Cisco Discovery Protocol (CDP) but is only for Cisco devices.

You can try a simple display filter with cdp

Second one is Link Layer Discovery Protocol (LLDP) which is an open standard.

You can try a simple display filter with lldp

Hope this helps.

Cheers,

Spooky

edit flag offensive delete link more

Comments

I appreciate your timely response. However, I figured it out. Turns out I just had to follow the TCP stream for this one conversation...

losa2 gravatar imagelosa2 ( 2019-12-05 20:29:50 +0000 )edit

Question Tools

Stats

Asked: 2019-12-02 19:32:52 +0000

Seen: 8,290 times

Last updated: Dec 05 '19