Creating a Network Diagram with .pcap Files – How to Guide

Tags: pcap, wireshark

I have a Wireshark .pcap capture of around 500k packets and I would like to enumerate a network diagram with all the routers, switches, PCs etc.

Is Wireshark capable of such a procedure, or is there any other way that I could use to automatically generate one?

Best Answer

If you have captured the packets from a single point in the network, then the answer is no. You can tell which hosts are on your network, but there is no topology information that would tell you the route from A to B. If you have some prior knowledge of the addressing scheme, you might be able to infer subnets, but even that is doubtful. Switches and other devices that operate at layer 2 would be invisible to you (except for the ones directly connected to you).

Imagine you were at the post office sorting mail. You can tell by looking at the addresses on the envelopes who is talking to whom, but you would have no idea how many hands it passed through to get to you, or how many more until it gets to the destination.

There are systems/applications that map networks, but they do so by probing for devices, examining routing/forwarding tables on them to discover new devices, then repeating that process until they find (mostly) everything. They don't capture network traffic.
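What a single-point capture does yield is the host and conversation list the answer describes. The following is an added example, not part of the original answer: it reads a classic Ethernet pcap with the standard library only, counts packets per source/destination pair, and flags source MACs that carry more than one IP. The function names, the sample addresses and the "several IPs behind one MAC means a forwarding device" heuristic are assumptions made for illustration.

```python
import struct
from collections import Counter, defaultdict

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap, microsecond

def parse_pcap(data):
    """Yield (src_mac, src_ip, dst_ip) for each untagged Ethernet/IPv4 frame."""
    endian = MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # 14-byte Ethernet header + 20-byte IPv4 header, EtherType 0x0800
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            ip = lambda b: ".".join(map(str, b))
            yield frame[6:12].hex(":"), ip(frame[26:30]), ip(frame[30:34])

def summarize(data):
    """Return (packets per src->dst pair, MACs that source more than one IP)."""
    pairs, ips_by_mac = Counter(), defaultdict(set)
    for mac, src, dst in parse_pcap(data):
        pairs[(src, dst)] += 1
        ips_by_mac[mac].add(src)
    # Heuristic (assumption): several source IPs behind one MAC usually means that
    # MAC is forwarding for them, i.e. it is the router next to the capture point.
    forwarders = {m: sorted(s) for m, s in ips_by_mac.items() if len(s) > 1}
    return pairs, forwarders

def sample_pcap():
    """Constructed capture: one LAN host plus two remote hosts seen via a gateway."""
    def frame(mac, src, dst):
        addr = lambda a: bytes(map(int, a.split(".")))
        ipv4 = b"\x45\x00\x00\x14" + bytes(8) + addr(src) + addr(dst)
        return bytes.fromhex("02000000000a" + mac) + b"\x08\x00" + ipv4
    lan, gw = "020000000001", "0200000000fe"  # constructed MAC addresses
    frames = [frame(lan, "192.168.1.10", "192.168.1.20"), frame(lan, "192.168.1.10", "192.168.1.20"),
              frame(lan, "192.168.1.10", "198.51.100.7"), frame(gw, "198.51.100.7", "192.168.1.10"),
              frame(gw, "203.0.113.9", "192.168.1.10")]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    pairs, forwarders = summarize(sample_pcap())
    print(pairs.most_common(), forwarders)
```

The output lists who talks to whom and the one adjacent device that relays off-subnet traffic; nothing in it reveals the switches or routers further along the path.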
