James,
You could use a sniffer and look at the MAC
address of the station sending the broadcast.
This is how a DHCP/BOOTP server does it's
work.
If it's coming through a DHCP/BOOTP forwarder,
then make sure you get the correct hardware
address, and not that of the device which is
forwarding it.
One other thing. If you don't use DHCP/BOOTP
on your network, then configure the clients
correctly, so they don't broadcast on your
network.
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> <[EMAIL PROTECTED]> 8/16/00 8:20:09 AM >>>
>Hi,
>
>My firewall-1 (4.1 on NT4.0) has been getting loads of bootp requests which
>are
>filling up the logs.
>
>How can I locate the device they are coming from? The requests are
>internal as
>they are being logged on thre internal interface, however, not even the MAC
>address is being logged. If I could get the MAC address I could locate the
>device. How can I do this?
>
>Thanks.
>Jim.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
