Hi guys, I'm new to Wireshark and I need to know how to figure out the network topology from a Wireshark capture. Please can someone shed some light on the subject? Many thanks, H

asked 24 Apr '13, 12:26 harry82
One Answer:
There is no general method to do this. I usually look at the ip.ttl of inbound packets. Most platforms send with a default initial TTL, so you can guess how far away (in terms of L3 hops) they are if you know the initial TTL. 3-way handshake TCP options can be used to determine the sending OS (p0f). MAC addresses and ARP packets give an idea of the local topology ...

answered 24 Apr '13, 12:44 mrEEde2
What do you mean (exactly) by 'network topology'?
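
The TTL and MAC address heuristics from the answer above, as an added example that is not part of the original thread. It assumes tab-separated input as produced by `tshark -r capture.pcap -T fields -e eth.src -e ip.src -e ip.ttl` (the file name is a placeholder), that senders use an initial TTL of 64, 128 or 255, and the function names are hypothetical; the sample lines are constructed.

```python
from collections import defaultdict

# Assumption: senders start from one of these common default TTLs.
INITIAL_TTLS = (64, 128, 255)

def estimate_hops(observed_ttl):
    """Return (assumed initial TTL, L3 hops) for an inbound packet's TTL."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl

def summarize(lines):
    """Map each source IP to the MAC that delivered it and its hop estimate."""
    hosts = {}
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 3 or not parts[2]:
            continue  # non-IP frame such as ARP: ip.* fields are empty
        # ICMP errors embed a second IP header, so tshark prints "outer,inner";
        # only the outer header describes the packet that reached us.
        mac, src, ttl = (p.split(",")[0] for p in parts)
        initial, hops = estimate_hops(int(ttl))
        if src not in hosts or hops < hosts[src]["hops"]:
            hosts[src] = {"mac": mac, "initial_ttl": initial, "hops": hops}
    return hosts

def local_view(hosts):
    """Group sources by delivering MAC: 0 hops = on-segment host, else routed."""
    by_mac = defaultdict(lambda: {"local": [], "routed": []})
    for ip, h in sorted(hosts.items()):
        by_mac[h["mac"]]["local" if h["hops"] == 0 else "routed"].append(ip)
    return dict(by_mac)

# Constructed sample input (documentation address ranges, made-up MACs).
SAMPLE = [
    "00:11:22:33:44:55\t192.0.2.10\t64",
    "00:11:22:33:44:66\t192.0.2.20\t128",
    "00:aa:bb:cc:dd:01\t198.51.100.7\t57",
    "00:aa:bb:cc:dd:01\t203.0.113.9\t116",
    "00:aa:bb:cc:dd:01\t203.0.113.1,192.0.2.10\t250,1",  # ICMP error
    "00:11:22:33:44:55\t\t",                               # ARP frame
]

if __name__ == "__main__":
    for mac, groups in local_view(summarize(SAMPLE)).items():
        print(mac, groups)
```

A MAC that delivers only routed sources is most likely the gateway on the capture segment; the hop counts are estimates and are wrong for any sender that uses a non-default initial TTL.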