Using Wireshark to Find an Unknown IP Address
If you have a device that you need to connect to but don't have a clue what the IP address is, you can find it easily with a laptop and Wireshark. Wireshark can be downloaded at no cost and is easy to install.
Assuming your laptop or the target device has a gigabit NIC, you can connect to the device directly with an off-the-shelf ethernet cable. If you aren't sure or if you only have 10/100 NICs in the mix, you will either need to connect via a crossover cable or connect both the device and laptop to a dumb switch, which will remove the need for a crossover cable.
Once you have Wireshark installed on the computer, run it and you will see a list of the network interfaces detected on the computer. You may see a wireless interface, a VPN interface possibly, and others. But you need to select the one that is connected to the device for which you're trying to determine the IP address.
Once you have selected this ethernet adapter, type "ARP" in the display filter field under the menu buttons near the top of the screen and then click the blue shark fin above that. This will start the capture.
If you don't see any lines like this (see Wiresharkâs info column) within a few seconds...
Who has 192.168.87.xxx? Tell 192.168.87.xxx
...then you will need to power cycle the device. Then you should start seeing Address Resolution Protocol (ARP) messages.
The IP addresses you see may vary. But the device whose IP address you're trying to detect will start sending broadcast messages over its NIC trying to find its gateway and/or other devices that it knows about. You should be able to find its IPaddress in the "Tell" portion of the info column. If you then look at the Source column, you will see the MAC address of the device and Wireshark may try to help you by resolving the first four octets of the MAC address to a manufacturer. In the case of Wheatstone, it may look something like this:
Wheatsto_78:90
That's happens to be a Wheatstone TS-22 talent station.
If the device has a web server and you wish to connect to that, or if you want to telnet or ftp into the device, you will now need to change the IP address settings on your laptop to match the subnet of the device.
Let's say the device's IP address turns out to be 10.10.10.78. You can change your laptop to something like 10.10.10.100 (any address other than 78 should be fine at this point) and your subnet mask to 255.0.0.0. Why use that subnet mask? Because you don't know the subnet mask of the device and this should allow you to connect to the device regardless of the number of network bits in the device's subnet mask.
For devices like the MG-1 mic processor where there is no front panel display, using Wireshark in this fashion will help you quickly figure out what IP the device is set to if someone set it to something other than the default and didn't document it. We use it all the time in the field, and now, you can too!
Related Articles
Using Wireshark to Find an Unknown IP Address
If you have a device that you need to connect to but don't have a clue what the IP address is, you can find it easily with a laptop and Wireshark. Wireshark can be downloaded at no cost and is easy to install. Assuming your laptop or the target ...Using Wireshark to Diagnose AoIP Issues
Back in the old days, you could find any signal in a radio/TV station with a Telco Butt-set. Now that everything is IP, the go-to tool is Wireshark. If you don't have it already, download here. Simple Troubleshooting Sometimes we can use the ...Changing The IP Address Of The IP-12/IP-16
While there is a function to change the IP address in the console GUI, it is easier to use PuTTY or another telnet client to accomplish the task. Instructions Open the terminal program and connect via Telnet to the console’s current IP address. Your ...Using WheatNet-IP Software LIOs to control VoxPro 7
This document explains how to configure bi-directional remote control functions on WheatNet-IP consoles and the WheatNet-IP audio driver. We'll start in Navigator. In our example, we have configured VoxPro to record and play back from WNIP Audio ...How To Set Up Telos VX with WheatNet-IP Using AES67
Prerequisites You will need: A Precision Timing Protocol (PTP) v2 clock source on your WNIP Local Area Network. Both the blades and the VoIP phone hybrid need to sync to this clock, and they do not generate it. There are numerous PTP clock generators ...