Just started Wireshark and loving it so far, slowly working my way through the documentation and getting the hang of it. However, I was wondering if a guru could give me a bit of advice as to what is going on in these two instances.
Firstly, 192.168.1.3 is appearing a lot, what is it? I don't believe I have a .3 full stop, somebody's laptop or something maybe?
192.168.1.254 192.168.1.255 NBNS 92 Name query NB HOME<1d>
192.168.1.3 224.0.0.1 IGMPv3 60 Membership Query, general
192.168.1.254 224.0.0.1 IGMPv3 60 Membership Query, general
192.168.1.254 192.168.1.255 BROWSER 271 Host Announcement BTHUB3, Workstation, Server, Print Queue Server, Xenix Server, NT Workstation, NT Server, Potential Browser, DFS server
192.168.1.3 224.0.0.1 IGMPv3 60 Membership Query, general
192.168.1.254 224.0.0.1 IGMPv3 60 Membership Query, general
192.168.1.3 224.0.0.1 IGMPv3 60 Membership Query, general
192.168.1.254 192.168.1.255 NBNS 92 Name query NB HOME<1d>
Sagemcom_c1:bc:c3 Broadcast ARP 60 Who has 192.168.1.254? Tell 192.168.1.3
192.168.1.254 224.0.0.1 IGMPv3 60 Membership Query, general
192.168.1.3 224.0.0.1 IGMPv3 60 Membership Query, general
192.168.1.3 192.168.1.255 BROWSER 271 Local Master Announcement BTHUB3, Workstation, Server, Print Queue Server, Xenix Server, NT Workstation, NT Server, Master Browser, DFS server
192.168.1.3 192.168.1.255 BROWSER 249 Domain/Workgroup Announcement HOME, NT Workstation, Domain Enum
192.168.1.3 224.0.0.1 IGMPv3 60 Membership Query, general
192.168.1.254 192.168.1.255 NBNS 92 Name query NB HOME<1d>
And secondly, this below, as I am struggling to work out what 192.168.1.71 actually is on my network either ha :-(
192.168.1.71 192.168.1.255 NBNS 110 Registration NB <01>
192.168.1.71 192.168.1.255 NBNS 110 Registration NB UOD<00>
192.168.1.71 192.168.1.255 NBNS 92 Name query NB ISATAP<00>
192.168.1.71 255.255.255.255 DHCP 342 DHCP Inform - Transaction ID 0x2de5bfde
192.168.1.71 192.168.1.255 NBNS 92 Name query NB UOD<1c>
192.168.1.71 192.168.1.255 NBNS 92 Name query NB ISATAP<00>
192.168.1.71 192.168.1.255 NBNS 92 Name query NB UOD<1c>
192.168.1.71 192.168.1.255 BROWSER 220 Request Announcement OLGA-HP
192.168.1.71 192.168.1.255 BROWSER 243 Host Announcement OLGA-HP, Workstation, Server, Print Queue Server, NT Workstation, Potential Browser
192.168.1.71 255.255.255.255 DHCP 342 DHCP Inform - Transaction ID 0x2de5bfde
192.168.1.71 192.168.1.255 NBNS 92 Name query NB ISATAP.HOME<00>
192.168.1.71 192.168.1.255 NBNS 92 Name query NB UOD<1c>
192.168.1.71 192.168.1.255 NBNS 92 Name query NB ISATAP.HOME<00>
192.168.1.71 192.168.1.255 BROWSER 232 Browser Election Request
192.168.1.71 192.168.1.255 NBNS 92 Name query NB ISATAP.HOME<00>
192.168.1.71 192.168.1.255 NBNS 92 Name query NB ISATAP.HOME<00>
192.168.1.71 192.168.1.255 NBNS 110 Registration NB <01><02>__MSBROWSE__<02><01>
192.168.1.71 192.168.1.255 NBNS 110 Registration NB <01><02>__MSBROWSE__<02><01>
192.168.1.71 192.168.1.255 NBNS 110 Registration NB <01><02>__MSBROWSE__<02><01>
192.168.1.71 192.168.1.255 BROWSER 220 Request Announcement OLGA-HP
192.168.1.71 192.168.1.255 BROWSER 250 Domain/Workgroup Announcement UOD, NT Workstation, Domain Enum
192.168.1.71 192.168.1.255 BROWSER 243 Local Master Announcement OLGA-HP, Workstation, Server, Print Queue Server, NT Workstation, Potential Browser, Master Browser
192.168.1.71 255.255.255.255 UDP 82 49156 → 1947 Len=40
192.168.1.71 255.255.255.255 UDP 82 49156 → 1947 Len=40
Any help would be greatly appreciated.
Kind Regards,
Hit.
asked 08 Aug '16, 07:11
hitmanshark
edited 08 Aug '16, 07:57
Jaap ♦
Hello Sir,
Thank you very much for your help.
Sagemcom, Sky Routers. Which I have one currently at 192.168.1.254, Sagemcom_57:f2:f0.
So from this, can I deduce there has been another potential Sky Sagemcom router connected?
Regarding the .71 connection, just looking at the capture now, it relates to a MAC: IntelCor_b3:5c:f2, which I am assuming is just a NIC?
Looking at what .71 is doing, is there any way I can deduce what exactly? As I don't see this anywhere on any other machine connected?
Much appreciated.
Kind Regards,
Hit.
There are a couple more lines from .3 indicating it's likely to be a BT Hub making Windows filesharing announcements in the workgroup "HOME":
As for .71, it's also making Windows filesharing announcements giving its name as OLGA-HP in workgroup "UOD":
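Added example, not part of the original thread: a short Python script that groups the identifying details in summary lines like those in the question (ARP sender MAC, announced host name, workgroup, browser roles) by the IP address that sent them, which is the reasoning applied to .3 and .71 above. The function names are illustrative, and the input is assumed to be text copied in the source/destination/protocol/length/info layout shown in the question.

```python
import re
from collections import defaultdict

# A few summary lines from the question, in Wireshark's
# "source destination protocol length info" layout.
SAMPLE = """\
Sagemcom_c1:bc:c3 Broadcast ARP 60 Who has 192.168.1.254? Tell 192.168.1.3
192.168.1.3 192.168.1.255 BROWSER 271 Local Master Announcement BTHUB3, Workstation, Server, Print Queue Server, Xenix Server, NT Workstation, NT Server, Master Browser, DFS server
192.168.1.3 192.168.1.255 BROWSER 249 Domain/Workgroup Announcement HOME, NT Workstation, Domain Enum
192.168.1.3 224.0.0.1 IGMPv3 60 Membership Query, general
192.168.1.71 192.168.1.255 NBNS 110 Registration NB UOD<00>
192.168.1.71 192.168.1.255 BROWSER 243 Host Announcement OLGA-HP, Workstation, Server, Print Queue Server, NT Workstation, Potential Browser
192.168.1.71 192.168.1.255 BROWSER 250 Domain/Workgroup Announcement UOD, NT Workstation, Domain Enum
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (.*)$")
ANNOUNCE = re.compile(r"^(Host|Local Master|Domain/Workgroup) Announcement ([^,]+)(?:, (.*))?$")
ARP_TELL = re.compile(r"Tell (\d+(?:\.\d+){3})$")

def new_host():
    return {"macs": set(), "names": set(), "workgroups": set(), "roles": set(), "protocols": set()}

def inventory(text):
    """Group identifying details by the IP address that sent them."""
    hosts = defaultdict(new_host)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or partial line: nothing reliable to extract
        src, _dst, proto, _length, info = m.groups()
        if proto == "ARP":
            # In a request the sender's IP follows "Tell"; the source column is its MAC.
            tell = ARP_TELL.search(info)
            if tell:
                hosts[tell.group(1)]["macs"].add(src)
            continue
        host = hosts[src]
        host["protocols"].add(proto)
        ann = ANNOUNCE.match(info) if proto == "BROWSER" else None
        if ann:
            kind, name, flags = ann.groups()
            if kind == "Domain/Workgroup":
                host["workgroups"].add(name)
            else:
                host["names"].add(name)
                host["roles"].update(f.strip() for f in (flags or "").split(",") if f.strip())
    return hosts

if __name__ == "__main__":
    for ip, h in sorted(inventory(SAMPLE).items()):
        print(ip, {k: sorted(v) for k, v in h.items() if v})
```

Only ARP requests give a MAC here, because on the other lines the source column is already the IP address; the MAC for .71 has to be read from the packet's Ethernet header in Wireshark itself.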