This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Odd question capture history of use

0

Can wireshark be used to capture the entire history on a router, for example I wish to capture all the IP addresses that have accessed my router in the past 60 days, how would I do this? Can wireshark do this, I am interested in the past access as well as the current.

Any advice if wireshark can't do this? Another method or software?

Thank you,

Keith C

asked 14 Aug '15, 12:46

kccan's gravatar image

kccan
6113
accept rate: 0%

Maybe I should rephrase I wish to capture all IPs that are on an old router, is this possible as I know routers have 64/32 MB of memory for this and wish to capture what is on my old router as I am looking for a specific date and time frame.

Reason for this is had a person come to my home vandalize my cars and well I am hoping to have captured their IP address on my router as who leaves home without their smart devices these days.

(14 Aug '15, 15:18) kccan

Reason for this is had a person come to my home vandalize my cars and well I am hoping to have captured their IP address on my router as who leaves home without their smart devices these days.

Erm.. Do you really think they would have tried to access your router before or after they have vandalized your car, like: Now, the car is 'done' let's order a pizza through this dudes open wlan?

Doesn't that sound weird in the same way it does to me?

You're asking for something that's not technically impossible, but very unlikely!

Please check the logs of your router if you find any unknown MAC address (not IP address). If you really find one (because they actually ordered a pizza through your open wlan), take that MAC address and go to the police.

(15 Aug '15, 02:45) Kurt Knochner ♦

Hello,

What I am presuming is the smart device would have pinged or tried to access my router which is a 3600HGV 2Wire, I have seen the logs via web browser access but I am presuming they go back further than 30 days. I have not reset this router, all I want to do is download the logs so I can find that date and specific time frame and review the IP/MAC addresses that were attempting to access the router. I presume all smart devices attempt to access networks as you know you can see all the wifi networks in your area, using your smart phone.

Thank you, is there software that can easily do this, I would let this go but I have to see the person whom did it everyday twice a day, when we drop off our kids at school. All over a parking spot on a public street. Thanks again.

Keith C

(17 Aug '15, 10:14) kccan

2 Answers:

1

I wish to capture all the IP addresses that have accessed my router in the past 60 days, how would I do this?

Send a message to yourself 60 days in the past, telling them to start tcpdump/snoop/dumpcap/TShark/Wireshark/whatever.

Seriously, nobody's done much work, as far as I know, on thiotimoline-based semiconductors, so the ability to get information from the past that wasn't recorded in the past is a bit limited.

The same applies to other methods, such as logging done on the router; if it didn't log the accesses when they happened, and nothing else on your network did, you're out of luck.

answered 14 Aug '15, 15:05

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Hello,

What I am presuming is the smart device would have pinged or tried to access my router which is a 3600HGV 2Wire, I have seen the logs via web browser access but I am presuming they go back further than 30 days. I have not reset this router, all I want to do is download the logs so I can find that date and specific time frame and review the IP/MAC addresses that were attempting to access the router. I presume all smart devices attempt to access networks as you know you can see all the wifi networks in your area, using your smart phone.

Thank you, is there software that can easily do this, I would let this go but I have to see the person whom did it everyday twice a day, when we drop off our kids at school. All over a parking spot on a public street. Thanks again.

Keith C

(17 Aug '15, 10:14) kccan

I have seen the logs via web browser access but I am presuming they go back further than 30 days.

Why? Maybe they don't. This forum post claims there's no manual for the 3600HGV, but points to a manual for the 3800HGV and says it should apply to the 3600HGV as well as the 3600HGV only lacks the coax and USB port and the ability to do HPNA. That manual says, on the "Troubleshooting - Event Log Page" page, that

The Troubleshooting – Event Log page displays events for the broadband and local network. Log information is stored in a fixed-size buffer. When the buffer is full, the oldest items are purged from the log.

so there's some limit, and, if the buffer fills up in 30 days or less, the logs don't go back further than 30 days.

(17 Aug '15, 11:27) Guy Harris ♦♦

all I want to do is download the logs ... is there software that can easily do this

I don't know of any.

(17 Aug '15, 11:29) Guy Harris ♦♦

Thank you for the assist. Much appreciated.

(18 Aug '15, 13:00) kccan

1

As per my other answer, that will be possible only if your router kept a log of those accesses when they happened; a sniffer such as Wireshark wouldn't help unless you were running it when the vandalism happened.

I'd suggest looking at the documentation for your router, and any other information you can find out about it, and see what logs it keeps. I infer from the second paragraph of your comment that this is a Wi-Fi access point/router, and that you're hoping to see 802.11 probe requests and the like from mobile devices, so that's what you'll want to look for in any logs kept by the router.

answered 14 Aug '15, 15:43

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%