[JamesK]

^^^^
I have used Wireshark, both at work and home, for many years, and you're right it is quite useful. However, one issue is most people use switches these days, which means you can only see stuff addressed to the computer you're running it on. This limits what you can see to broadcasts and traffic specifically intended for that computer. Back in the days of hubs or the old coax networks, all data was visible on all computers. On managed switches, you can usually set up one port to monitor one or more others, so you can watch the traffic on those ports. You can also get data "taps" that plug in between the switch and device. I have often used an old 10 Mb hub in the same manner.

Bottom line, Wireshark is a great tool, but you have to be aware of the limitations of using it on a switch connected network.

 

[JamesK]

^^^^
Wireshark will tell you the IP and MAC addresses. I have it installed on my Linux based firewall as well as my other computers. A tool like it is essential for solving many network problems. As I mentioned, if you can find an old hub, you can use it to monitor traffic going to your internet connection. Of course, by forcing 10 Mb, half duplex, you might change the situation enough that it affects the problem. One very nice feature of Wireshark is the way it can follow a TCP stream, which makes it easier to resolve problems.