finding communicating devices on network

asked 2021-10-13

I'm new to Wireshark and was wondering what filters you should use to be able to tell which devices are actively communicating on the local area network. By active I mean devices that are both receiving and responding to traffic. I just opened a pcap file that has thousands of packets, so I'm having trouble figuring out how to remove the packets where, for example, a computer only sent out information and then shut down so it couldn't receive anything and is therefore not active.

To be honest I think it is unclear what you are trying to determine.

hugo.vanderkooij ( 2021-10-15 )

answered 2021-10-14

grahamb

Maybe look at the Conversations dialog (from Statistics -> Conversations) that shows what endpoints are communicating.

The next step would be to filter with ip.addr == if you think that machine is active by your definition.

hugo.vanderkooij ( 2021-10-15 )
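An added example, not part of the original thread and not Wireshark code: the question's definition of "active" (a host that both sends to and receives from the same peer) applied to a capture in Python. It assumes a classic pcap file (not pcapng) with untagged Ethernet frames carrying IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def ipv4_pairs(pcap_bytes):
    """Yield (src, dst) for each IPv4-over-Ethernet packet in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    off = 24  # per-packet records start after the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # 14-byte Ethernet header, EtherType 0x0800 = IPv4 (VLAN tags not handled)
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            yield (".".join(map(str, frame[26:30])),
                   ".".join(map(str, frame[30:34])))

def two_way_hosts(pcap_bytes):
    """Hosts that both sent to and received from the same peer."""
    counts = Counter(ipv4_pairs(pcap_bytes))
    active = set()
    for src, dst in counts:
        if (dst, src) in counts:  # traffic seen in the reverse direction too
            active.update((src, dst))
    return sorted(active)

def _frame(src, dst):
    # Constructed sample frame: Ethernet + bare 20-byte IPv4 header, no payload
    ip = bytes([0x45, 0]) + struct.pack(">H", 20) + bytes(4) + bytes([64, 17, 0, 0])
    ip += bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    return bytes(12) + b"\x08\x00" + ip

def sample_pcap():
    # Constructed capture: .10 and .20 talk both ways, .30 only sends
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst in [("192.168.1.10", "192.168.1.20"),
                     ("192.168.1.20", "192.168.1.10"),
                     ("192.168.1.30", "192.168.1.255")]:
        f = _frame(src, dst)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(two_way_hosts(sample_pcap()))
```

Each returned address can then be used as the value in an `ip.addr ==` display filter.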

