This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capturing live IP’s in a network with its MAC Address?

0

Is it possible to capture all live IP Address in a network along with its MAC Address?? If yes, can someone explain me the way to acheive this task pls? Thank you.

asked 06 Oct '13, 17:33

Karthick's gravatar image

Karthick
21559
accept rate: 0%


2 Answers:

2

It depends almost entirely on how you define "network". Normally, if you run wireshark on your own computer, you will only see your own traffic, between your computer and the switch. If you're talking about your local broadcast domain, you may be able to 'mirror' all traffic transiting your local switch over to a 'SPAN' port on that switch and monitor all the traffic there using wireshark. In either case, wireshark will by default capture both the IP and MAC addresses of all the traffic that it sees. Simply fire up wireshark, select the network interface in use, and click "start". For information on SPAN ports, see the documentation provided by the switch vendor.

If you define 'network' as everything in your building or campus, then it becomes a much more difficult proposition, and would generally require access to resources on other switches not commonly available to the average end-user.

I'm ignoring for the purposes of this discussion tools like ettercap which would allow you to poison a given switch CAM table to re-direct certain traffic so that you can see it. Google "ettercap" if you wish to pursue that angle.

answered 06 Oct '13, 19:47

griff's gravatar image

griff
36139
accept rate: 10%

thank you.

(06 Oct '13, 21:30) Karthick

as soon as your "network" has routers: no, you probably can't do that, because MACs are "hidden" behind routers - they are only visible in the local broadcast segment. So unless you capture everywhere in all broadcast zones you won't be able to map all IPs to their MACs.

(07 Oct '13, 00:55) Jasper ♦♦

1

Is it possible to capture all live IP Address in a network along with its MAC Address?

Not really, as 'live' does not mean a system will also send and/or receive data. In that case the system might be alive, but still invisible for you.

A network capture tool is not an ideal solution for this kind of problem. As others have already answered: You will detect those systems that are local to your capture device (remote also possible with certain capture setups), including their MAC address, however you will only see those systems that are communicating while you capture data.

I suggest to use a network scanner to identify all live systems on the local network (including their MAC address + much more information about those systems). There are many tools out there, so I'll name only two:

Regards
Kurt

answered 07 Oct '13, 08:18

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

hello kurt can you please help me how to change source coulumn so i can only see IP address as i am seeing MAC address when i try to copy file from source to destination. [email protected]

(09 Apr '16, 05:24) aliimran63