Professional Documents
Culture Documents
requests
Address Resolution Protocol (ARP) requests can be used by Wireshark
to get the IP address of an unknown host on your network. ARP is a
broadcast request that’s meant to help the client machine map out the
entire host network.
ARP is slightly more foolproof than using a DHCP request – which I’ll
cover below – because even hosts with a static IP address will
generate ARP traffic upon startup.
Then wait for the unknown host to come online. I’m using my cell phone
and toggling the WiFi connection on and off. Regardless, when an
unknown host comes online it will generate one or more ARP requests.
Those are the frames you should look for.
You can also force every host on your network to request a new IP
address by setting the lease time to an hour or two and capturing
network traffic. In this case, you’d want to browse through hostnames
until you find the target client.
Note that the frame I captured has a source IP address of 0.0.0.0. This is
normal until the host is assigned a valid IP address by the DHCP server.
You can also find a handful of other useful options like the IP address
lease time and Host name of the unknown client requesting an
address.
Link:
https://www.comparitech.com/net-admin/wireshark-ip-address-unknown-host/