[SOLVED] What's the easiest way of tracking outgoing traffic from a specific IP address?

Status
Not open for further replies.

Newtonian

Distinguished
Sep 9, 2013
I have unidentified devices connected to my network that show up as "new-host-1 (or 2, etc)" on my FiOS router.
Their MAC addresses reveal no vendor.
This seems to have baffled other FiOS customers too. https://forums.verizon.com/t5/Fios-Internet/What-is-New-Host/td-p/845062

Since I already know the IP addresses of these mysterious devices, if I could track their outgoing traffic, maybe I'll have a better clue of what they are.
What's the easiest way of tracking outgoing traffic from these specific IP addresses?
Should Wireshark do the job?
 
Solution
Wireshark does a great job; the problem is it only sees data that passes through the Ethernet port on the machine.

You cannot run Wireshark on the router. Well, on some you can if you load third-party firmware, but not on a FiOS router.

I would first turn off the Wi-Fi radios and see if it goes away. It may take some time for it to time out, but if it responds to a ping command, that will fail immediately.

If it is still around, I would unplug cables one at a time until it goes away; that should give you an idea.

Finding a Wi-Fi device can be tricky. Your best bet would be to make sure WPS is disabled, since that will give out any new password you set. Change the Wi-Fi password. Nothing should now be able to connect, even with the Wi-Fi radios on. Then, one at a time, put the new password into end devices.
 
Solution
You can use the MAC address and a vendor lookup to see which vendor has been assigned the MAC address: MAC Address Vendor Lookup | MAC Address Lookup (maclookup.app)
Keep in mind that it is very easy to configure machines to override the default MAC address in the Ethernet card and use any MAC address you want to use.

You can also sniff local network traffic if you have a special router that has a monitor port. The monitor port gets access to all the packets, so you can run a network sniffer and see traffic going to other machines on the network.
I just use an Ethernet hub with a monitor port for sniffing network traffic.
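
Added example (not part of the thread): once a capture has been taken from a point that sees the unknown devices' packets, such as the monitor port described above, a short script can total where each watched IP is sending. The capture lines, IP addresses, port hint table and function names are constructed for illustration, with lines in the style of `tcpdump -n -q` text output.

```python
import re
from collections import Counter

# Constructed sample in the style of `tcpdump -n -q` output (not a real capture).
SAMPLE = """\
14:02:11.100001 IP 192.168.1.152.5353 > 224.0.0.251.5353: UDP, length 45
14:02:11.350210 IP 192.168.1.152.50412 > 239.255.255.250.1900: UDP, length 125
14:02:12.004518 IP 192.168.1.10.51544 > 192.168.1.1.53: UDP, length 32
14:02:12.871022 IP 192.168.1.152.41870 > 203.0.113.20.443: tcp 0
14:02:12.990114 IP 192.168.1.152.41870 > 203.0.113.20.443: tcp 517
14:02:13.120991 IP 203.0.113.20.443 > 192.168.1.152.41870: tcp 1400
14:02:14.000100 ARP, Request who-has 192.168.1.1 tell 192.168.1.152, length 28
14:02:15.220870 IP 192.168.1.153 > 192.168.1.1: ICMP echo request, id 7, seq 1, length 64
"""

# "<time> IP src[.sport] > dst[.dport]: <rest>"; the port is a fifth dotted field.
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)$")

# Well-known destination ports that hint at what kind of device is talking.
HINTS = {53: "DNS", 67: "DHCP", 80: "HTTP", 123: "NTP", 443: "HTTPS",
         1900: "SSDP/UPnP discovery", 5353: "mDNS"}

def outgoing_summary(capture_text, watched_ips):
    """Count packets sent BY each watched IP, keyed by (dst, proto, dport)."""
    summary = {ip: Counter() for ip in sorted(watched_ips)}
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m or m["src"] not in summary:
            continue  # ARP, IPv6, malformed lines, replies, other hosts
        rest = m["rest"].lower()
        proto = next((p for p in ("tcp", "udp", "icmp") if rest.startswith(p)), "other")
        dport = int(m["dport"]) if m["dport"] else None
        summary[m["src"]][(m["dst"], proto, dport)] += 1
    return summary

def report(summary):
    """One line per flow, busiest first within each watched IP."""
    rows = []
    for ip, flows in summary.items():
        for (dst, proto, dport), n in flows.most_common():
            port = f"/{dport}" if dport is not None else ""
            rows.append(f"{ip} -> {dst} {proto}{port} x{n} {HINTS.get(dport, '')}".rstrip())
    return rows

if __name__ == "__main__":
    print("\n".join(report(outgoing_summary(SAMPLE, ["192.168.1.152", "192.168.1.153"]))))
```

Multicast destinations such as 224.0.0.251 port 5353 or 239.255.255.250 port 1900 are service-discovery traffic, which often says more about the kind of device than its remote connections do.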
 