how to determine the network topology in a capture

Hi guys,

I'm new to wireshark and I need to know how figure out the network topology from a wireshark capture, please can someone shed some light on the subject

many thanks

network topology

asked 24 Apr '13, 12:26

harry82
1●2●2●3
accept rate: 0%

what do you mean (exactly) by 'network topology'?

(24 Apr '13, 14:29) Kurt Knochner ♦

One Answer:

active answers oldest answers newest answers popular answers

There is no general method to do this. I usually look at the ip.ttl of inbound packets. Most platforms send with a default initial TTL so you can guess how far away (in terms of L3 hops) they are if you know the initial TTL. 3-way handshake tcp options can be used to determine the sending OS (p0f). MAC addresses and ARP packets give an idea of the local topology ...

permanent link

answered 24 Apr '13, 12:44

mrEEde2
336●4●6●14
accept rate: 20%

Your answer

toggle preview

community wiki:

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

network ×146
topology ×3

question asked: 24 Apr '13, 12:26

question was seen: 5,405 times

last updated: 24 Apr '13, 14:29

how to determine the network topology in a capture

Follow this question

You have a trillion packets.

You need to see four of them.

Don't have Wireshark?

Related questions