finding communicating devices on network

asked 2021-10-13 19:03:27 +0000

I'm new to Wireshark and was wondering what filters you should use to be able to tell which devices are actively communicating on the local area network. By active I mean devices that are both receiving and responding to traffic. I just opened a pcap file that has thousands of packets, so I'm having trouble figuring out how to remove the packets where, for example, a computer only sent out information and then shut down so it couldn't receive anything and is therefore not active.

To be honest I think it is unclear what you are trying to determine.

hugo.vanderkooij ( 2021-10-15 06:48:47 +0000 )

answered 2021-10-14 08:28:31 +0000

Maybe look at the Conversations dialog (from Statistics -> Conversations) that shows what endpoints are communicating.

The next step would be to filter with ip.addr == if you think that machine is active by your definition.

hugo.vanderkooij ( 2021-10-15 06:48:04 +0000 )
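
The asker's "both receiving and responding" definition, as an added Python example that is not part of the original thread: it reads a classic Ethernet pcap, counts IPv4 packets per direction, and separates hosts that have at least one conversation with traffic in both directions from hosts that only sent. The function names and the sample capture are constructed for illustration; VLAN tags, IPv6 and pcapng are not handled.

```python
import socket
import struct
from collections import Counter

def directed_flows(pcap: bytes) -> Counter:
    """Count IPv4 packets per (src, dst) pair in a classic Ethernet pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    flows, off = Counter(), 24          # 24-byte global header
    while off + 16 <= len(pcap):        # 16-byte per-record header
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Ethernet (14 bytes) + minimal IPv4 header (20 bytes), EtherType 0x0800
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            src = socket.inet_ntoa(frame[26:30])
            dst = socket.inet_ntoa(frame[30:34])
            flows[(src, dst)] += 1
    return flows

def split_hosts(flows):
    """Return (two_way, one_way): hosts seen in a conversation with traffic
    in both directions, and hosts that sent but never got a reply."""
    two_way = {h for (a, b) in flows if (b, a) in flows for h in (a, b)}
    one_way = {a for (a, _) in flows} - two_way
    return sorted(two_way), sorted(one_way)

# Constructed sample capture: one request/reply pair and one unanswered sender.
def _frame(src, dst):
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    data = eth + ip
    return struct.pack("<IIII", 0, 0, len(data), len(data)) + data

SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    _frame(s, d) for s, d in [("192.168.1.10", "192.168.1.1"),
                              ("192.168.1.1", "192.168.1.10"),
                              ("192.168.1.50", "192.168.1.255")])

if __name__ == "__main__":
    print(split_hosts(directed_flows(SAMPLE)))
```

A host in the second list sent traffic that nothing in the capture answered, which covers the "sent out information and then shut down" case from the question as well as broadcast-only talkers.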

Seen: 1,262 times

Last updated: Oct 14 '21