Basically, I am using Wireshark looking at captures that have been created previously. How may I find the IP address of the machine that created the capture?
There is no guaranteed way as, to capture packets, the user would be in ‘promiscuous’ mode. This is a state where all packets detected by the interface are captured. Hence, there is no way to determine which packets were destined to the person capturing the packets unless you knew where they lived in the network topology, as then you could make some assumptions that might help (for example, wireless clients would not get packets destined for the Internet sent by wired clients, if connected to the same router).
In addition, if you knew some services running on the capturer’s computer you could reasonably conclude the user’s IP address based on the fact that a lot of packets were captured destined for that service at that address.
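The packet-count reasoning in the answer above can be automated; the following is an added example, not part of the original answer. It assumes a classic libpcap file with Ethernet framing and IPv4, and a capture taken where the capturing host mostly sees its own unicast traffic (for instance a switched network); `endpoint_shares`, `sample_pcap` and the sample addresses are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def endpoint_shares(pcap):
    """Rank IPv4 addresses by the share of unicast packets they are an endpoint of."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    seen, total, off = Counter(), 0, 24            # 24 = global header size
    while off + 16 <= len(pcap):                   # 16 = per-record header size
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet (14 bytes) + minimal IPv4 header (20), EtherType 0x0800.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src, dst = IPv4Address(frame[26:30]), IPv4Address(frame[30:34])
        if dst.is_multicast or dst == IPv4Address("255.255.255.255"):
            continue  # broadcast/multicast reaches every host, so it proves nothing
        total += 1
        seen.update({src, dst})                    # set: count each packet once per address
    return [(str(ip), n / total) for ip, n in seen.most_common()] if total else []

def sample_pcap():
    """Constructed sample: 10.0.0.5 talks to three peers; one overheard flow; one broadcast."""
    def frame(src, dst):
        ip = b"\x45" + bytes(11) + IPv4Address(src).packed + IPv4Address(dst).packed
        return bytes(12) + b"\x08\x00" + ip        # zeroed MACs + EtherType + IPv4 header
    flows = [("10.0.0.5", "10.0.0.1"), ("10.0.0.1", "10.0.0.5"),
             ("10.0.0.5", "192.0.2.10"), ("192.0.2.10", "10.0.0.5"),
             ("10.0.0.9", "10.0.0.5"), ("10.0.0.7", "10.0.0.1"),
             ("10.0.0.5", "255.255.255.255")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst in flows:
        f = frame(src, dst)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for ip, share in endpoint_shares(sample_pcap()):
        print(f"{ip:15} endpoint of {share:.0%} of unicast IPv4 packets")
```

An address that is an endpoint of nearly all unicast packets is a strong candidate for the capturing host; when no address dominates, the capture was likely taken on a shared medium or mirror port and this heuristic does not decide the question.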