Select one of the frames that shows DHCP Request in the info column. Note : With Wireshark 3.0, you must use the search term DHCP instead of boot. Open the cap in Wireshark and filter on boot pas shown in Figure 1. If you have access to full packet capture of your network traffic, a cap retrieved on an internal IP address should reveal an associated MAC address and hostname.ĭHCP traffic can help identify hosts for almost any type of computer connected to your network.
In most cases, alerts for suspicious activity are based on IP addresses. This tutorial offers tips on how to gather that cap data using Wireshark, the widely used network protocol analysis tool. When a host is infected or otherwise compromised, security professionals need to quickly review packet captures (caps) of suspicious network traffic to identify affected hosts and users.
0 kommentar(er)
