Ask Your Question
0

Using wireshark how do i identify an unknown devices ip/mac.

asked 2019-02-28 15:50:27 +0000

cornz gravatar image

updated 2019-03-01 07:30:41 +0000

Jaap gravatar image

First time Wireshark user here.

OK, I have some "Cieffe Nettuno Codec" CCTV/IP encoders that I have no instructions for. What I am attempting to do is find out the inbuilt webservers IP address or some IP address I can access them with.

I have no instructions for these items so am operating blind. Can't find them online either. I followed an old guide on Youtube but his results didn't match with mine.

Essentially, I have found what I believe to be a reset button inside the units, when I press that my laptop and Wireshark will start grabbing packets but there is nothing to indicate what or where from. I do know the MAC address of the units but again, I can't seem to find it in anything Wireshark has found.

So, the chances are I'm doing something fundamentally wrong but no idea what. Any input gratefully received.

edit retag flag offensive close merge delete

Comments

March Networks comes up for Cieffe Nettuno, maybe you want to start by giving them a call? 303 Terry Fox Drive, Suite 200, Ottawa, Ontario, K2K 3J1, Canada https://www.marchnetworks.com/ +1 (800) 563-5564
http://www.adminsub.net/mac-address-f...

If you know the MAC of the unit, why don't you put it in the display filter "eth contains [THE MAC YOU KNOW]" and tell us what you see.

Typically CCTV/IP systems are set to DHCP by default, I am not saying it's the case with your system, but resetting it and checking your router for DHCP address assignment would be a good idea as well.

What if you don't even need wireshark, try scanning your network with https://www.advanced-port-scanner.com/

net_tech gravatar imagenet_tech ( 2019-03-02 17:18:52 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-02-28 21:11:47 +0000

updated 2019-03-01 07:31:33 +0000

Jaap gravatar image

Hi,

If you are running Wireshark on your laptop and capturing when it is plugged in the CCTV device then you should not have a ton of MAC addresses to deal with.

You can always use a capture filter to remove multicast traffic if you are running on IPv4.

not multicast

You do need to figure out what YOUR MAC address is. On Windows you can run ipconfig /all and look for the "Physical address".

When you are done capturing, you can check the Ethernet tab after clicking Statistics -> Conversation and see what MAC addresses are present in your capture. Right click any lines to "Apply as filter" (Selected...) and you'll then only see traffic for the MAC addresses you selected.

Hope that helps.

Cheers,

JF

edit flag offensive delete link more

Comments

You need to figure out your MAC address so know that it is yours and not the CCTV device's MAC.

Spooky gravatar imageSpooky ( 2019-02-28 21:14:01 +0000 )edit

Right, thank you for all the guidance. Im going to go through the advice and see if i can narrow the issue down.

cornz gravatar imagecornz ( 2019-03-03 09:40:41 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-02-28 15:50:27 +0000

Seen: 5,643 times

Last updated: Mar 01 '19