0

finding communicating devices on network

asked 2021-10-13 19:03:27 +0000

I'm new to wireshark and was wondering what filters you should use to be able to tell which devices are actively communicating on the local area network. By active I mean devices that are both receiving and responding to traffic. I just opened a Pcap file that has thousands of packets so I'm having trouble figuring out how to remove the packets where, for example, a computer only sent out information and then shut down so it couldn't receive anything and is therefore not active.

edit retag flag offensive close merge delete

Comments

To be honest I think it is unclear what you are trying to determine.

hugo.vanderkooij ( 2021-10-15 06:48:47 +0000 )edit

1 Answer

Sort by » oldest newest most voted

0

answered 2021-10-14 08:28:31 +0000

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

Maybe look at the Conversations dialog (from Statistics -> Conversations) that shows what endpoints are communicating.

edit flag offensive delete link

Comments

The next step would be to filter with ip.addr == 10.1.2.3 if you think that machines is active by your definition.

hugo.vanderkooij ( 2021-10-15 06:48:04 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Question Tools

1 follower

Stats

Asked: 2021-10-13 19:03:27 +0000

Seen: 1,070 times

Last updated: Oct 14 '21

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.

Powered by Askbot version 0.10.2