I'm a bit of a layman with this, so I apologize if I'm using the wrong terms. Say I have a device that has an IP in it and has no method to reset. I have no idea what the IP/subnet/gateway might be. I have seen wireshark on a Linux machine find the IP of a device like this but in Windows I have only been able to find it if I know the IP range it is in 10.X, 192.x etc. If my adapter is not set to an IP in the same range as the device, wireshark will not see any requests from the device. Is this a limitation of windows or is there something else I can try? I've tried but XP Pro SP3 and W7 Ultimate. asked 20 Feb '12, 11:10 wirelark |
One Answer:
Wireshark can only capture packets that "pass through" the interface you are capturing on. Wireshark displays the packets that are captured, only you can determine if those packets belong to your mysterious device as there is nothing in Wireshark to "find" an IP, it only displays them. If you have some means to generate traffic to your device, and that traffic is present on the capturing interface then you should see the packets in Wireshark. The packets that are captured depend on your network interface, whether you have promiscuous mode enabled (and whether the interface supports it) and what the interface is connected to (a hub, switch or router). Have a look at the Capture Setup page on the Wiki for more information on capturing. answered 20 Feb '12, 12:05 grahamb ♦ |
I have just been using it to show me the ip broadcast when I first power the device but that only works if my network interface is set to the correct range. I usually know the mac address so it's easy to filter out. It sounds like I need to enable promiscuous mode or find a different network adapter.
What type of network interface is it? There are plenty of problems with WiFi ones on Windows, but I've not heard of a wired one that won't go into promiscuous mode.