Address Resolution Protocol (ARP) requests can be used by Wireshark to get the IP address of an unknown host on your network. ARP is a broadcast request that’s meant to help the client machine map out the host network.
ARP is slightly more foolproof than using a DHCP request because even hosts with a static IP address will generate ARP traffic upon startup.
To get an IP address of an unknown host via ARP, start Wireshark and begin a session with the Wireshark capture filter set to arp, as shown above.
Then wait for the unknown host to come online. I’m using a cell phone and toggling the WiFi connection on and off. Regardless, when an unknown host comes online it will generate one or more ARP requests. Those are the frames you should look for.
Once you’ve spotted the request, click on it. Use Wireshark’s Packet details view to analyze the frame. Look at the Address resolution protocol section of the frame, especially the Sender IP address and Sender MAC address.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article