With HTTP-based web browsing traffic from a Windows host, you can determine the operating system and browser. Client Identifier details should reveal the MAC address assigned to 172.16.1[. Go to the frame details section and expand the line for Bootstrap Protocol (Request) as shown in Figure 2.Įxpand the lines for Client Identifier and Host Name as indicated in Figure 3.
Select one of the frames that shows DHCP Request in the info column. Note : With Wireshark 3.0, you must use the search term DHCP instead of boot. Open the cap in Wireshark and filter on boot pas shown in Figure 1. DHCP traffic can help identify hosts for almost any type of computer connected to your network. If you have access to full packet capture of your network traffic, a cap retrieved on an internal IP address should reveal an associated MAC address and hostname. In most cases, alerts for suspicious activity are based on IP addresses. This tutorial offers tips on how to gather that cap data using Wireshark, the widely used network protocol analysis tool.
0 kommentar(er)
