Re: What IP has this MAC?
Don't you have DHCP? You can check the logs to track the MAC address and match it Miguel --- El mar, 24/8/10, richardmccl...@aspca.org richardmccl...@aspca.org escribió: De: richardmccl...@aspca.org richardmccl...@aspca.org Asunto: What IP has this MAC? Para: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Fecha: martes, 24 de agosto, 2010 10:16 Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: What IP has this MAC?
arp -a will show you the arp cache of the machine you're using at the moment. Does that help? On Tue, Aug 24, 2010 at 10:16 AM, richardmccl...@aspca.org wrote: Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group *ASPCA®* 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 *www.aspca.org* http://www.aspca.org/ The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA ®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What IP has this MAC?
Think lower-level. Find the MAC address on your switch, get the port that it is plugged into and follow it from there. Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, August 24, 2010 10:17 AM To: NT System Admin Issues Subject: What IP has this MAC? Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA(r) 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org http://www.aspca.org/ The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para el uso exclusivo del destinatario(s) y puede contener información confidencial y/o información protegida de salud. En virtud de la Ley Federal (HIPAA), el destinatario tiene la obligación de mantener esta información segura y confidencial. Cualquier divulgación a terceros sin la autorización de los miembros de lo permitido por la ley está prohibido y penado en virtud de la Ley Federal. Si usted no es el destinatario, por favor, póngase en contacto con el remitente por teléfono y destruir todas las copias del mensaje original ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What IP has this MAC?
Good Morning, Using Wireshark is a great tool and having the MAC address is key Question: Do you have managed switches? Using the MAC address - log into a managed switch and locate the port that corresponds to the offending nic Easy if you have a good updated map of your network and where each jack is located From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, August 24, 2010 10:17 AM To: NT System Admin Issues Subject: What IP has this MAC? Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA(r) 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org http://www.aspca.org/ The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What IP has this MAC?
What kind of switches do you have? Most switches will tell you what port that MAC is plugged into. Shane From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, August 24, 2010 10:17 AM To: NT System Admin Issues Subject: What IP has this MAC? Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA(r) 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.orghttp://www.aspca.org/ The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What IP has this MAC?
If you're using managed switches, you can talk to the switches to find out which one has that MAC address on which port, then you'll have a physical location. You could also script the ping/check-arp-cache/increment-ip/repeat to find the culprit. ping -n 1 -w 50 speeds up the script. Carl From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, August 24, 2010 10:17 AM To: NT System Admin Issues Subject: What IP has this MAC? Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCAR 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 http://www.aspca.org/ www.aspca.org The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to AnimalsR (ASPCAR) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: What IP has this MAC?
Too obvious! The DHCP entry for that IP address (I get a Duplicate IP display on my phone; phone works fine but for the annoying display) points to my phone. Miguel Gonzalez miguel_3_gonza...@yahoo.es wrote on 08/24/2010 09:18:12 AM: Don't you have DHCP? You can check the logs to track the MAC address and match it Miguel --- El mar, 24/8/10, richardmccl...@aspca.org richardmccl...@aspca.org escribió: De: richardmccl...@aspca.org richardmccl...@aspca.org Asunto: What IP has this MAC? Para: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Fecha: martes, 24 de agosto, 2010 10:16 Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: What IP has this MAC?
Unplugging any of the two? Miguel --- El mar, 24/8/10, richardmccl...@aspca.org richardmccl...@aspca.org escribió: De: richardmccl...@aspca.org richardmccl...@aspca.org Asunto: Re: What IP has this MAC? Para: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Fecha: martes, 24 de agosto, 2010 10:31 Too obvious! The DHCP entry for that IP address (I get a Duplicate IP display on my phone; phone works fine but for the annoying display) points to my phone. Miguel Gonzalez miguel_3_gonza...@yahoo.es wrote on 08/24/2010 09:18:12 AM: Don't you have DHCP? You can check the logs to track the MAC address and match it Miguel --- El mar, 24/8/10, richardmccl...@aspca.org richardmccl...@aspca.org escribió: De: richardmccl...@aspca.org richardmccl...@aspca.org Asunto: What IP has this MAC? Para: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Fecha: martes, 24 de agosto, 2010 10:16 Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What IP has this MAC?
Bing in over my head, I must confess to not knowing Cisco IOS. I did find the MAC address in the Cisco Network Assasin. This will help in the future... Now, this brings up Problem #2: The machine in question is a Dell PE-1950 Citrix server. It has two NICs. When the server was built, only one of the NICs was used. Later, the Broadcom software was downloaded and installed, and the two NICs were teamed for fail-over redundency. Both the Cisco Network Assasin and the ping / arp -a show that this NIC has the IP address 10.1.2.47. It is a static IP address and is in our DATA VLAN. Wireshark shows that this NIC is sending gratuitous ARP packets and is claiming the address 10.1.20.45 (DHCP and in the VOICE VLAN). Any hints on how to make a (Dell/Broadcom) NIC stop sending gratuitious ARP packets? Thanks again... -- richard Jim Holmgren jholmg...@xlhealth.com wrote on 08/24/2010 09:21:02 AM: Think lower-level. Find the MAC address on your switch, get the port that it is plugged into and follow it from there. Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, August 24, 2010 10:17 AM To: NT System Admin Issues Subject: What IP has this MAC? Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso exclusivo del (los) destinatario (s) y puede incluir información confidencial y/o información de salud protegida. La Ley Federal (HIPAA) establece que el destinatario está obligado a mantener la información confidencial y sequra. HIPAA prohíbe y castiga cualquier divulgación a terceras personas sin autorización del afiliado o permitido por ley. Si usted no es el destinatario, redirija esta mensaje al remitente, y destruye cualquier copia existente del mensaje original. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What IP has this MAC?
Are you sure that after updating the driver the NIC team is still in place? Having a dual homed Citrix server is a recipe for trouble. Dual homed Citrix servers are supported only in very specific configurations and is not a Citrix recommended practice. NIC teaming is fine, dual homing as separate NICs is not. Carl Webster Citrix Technology Professional http://dabcc.com/Webster From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, August 24, 2010 9:52 AM To: NT System Admin Issues Subject: RE: What IP has this MAC? Bing in over my head, I must confess to not knowing Cisco IOS. I did find the MAC address in the Cisco Network Assasin. This will help in the future... Now, this brings up Problem #2: The machine in question is a Dell PE-1950 Citrix server. It has two NICs. When the server was built, only one of the NICs was used. Later, the Broadcom software was downloaded and installed, and the two NICs were teamed for fail-over redundency. Both the Cisco Network Assasin and the ping / arp -a show that this NIC has the IP address 10.1.2.47. It is a static IP address and is in our DATA VLAN. Wireshark shows that this NIC is sending gratuitous ARP packets and is claiming the address 10.1.20.45 (DHCP and in the VOICE VLAN). Any hints on how to make a (Dell/Broadcom) NIC stop sending gratuitious ARP packets? Thanks again... -- richard Jim Holmgren jholmg...@xlhealth.com wrote on 08/24/2010 09:21:02 AM: Think lower-level. Find the MAC address on your switch, get the port that it is plugged into and follow it from there. Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, August 24, 2010 10:17 AM To: NT System Admin Issues Subject: What IP has this MAC? Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso exclusivo del (los) destinatario (s) y puede incluir información confidencial y/o información de salud protegida. La Ley Federal (HIPAA) establece que el destinatario está obligado a mantener la información confidencial y sequra. HIPAA prohíbe y castiga cualquier divulgación a terceras personas sin autorización del afiliado o permitido por ley. Si usted no es el destinatario, redirija esta mensaje al remitente, y destruye cualquier copia existente del mensaje original. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What IP has this MAC?
Thanks! (By the way, nobody has yet asked, but the server in quesion is running Windows 2003, SP2) I just checked... Each NIC has TCP/IP unchecked, and BASP (Broadcom Advanced Server Program Driver) checked. Also in that control panel, there is the BASP Virtual Adapter. In Status - Network Connection Details, it shows the correct IP address (10.1.2.47 and in the data VLAN). Also for the team, it shows the MAC address of the offending NIC. The Broadcom Advanced Control Suite shows nothing inconsistant between the two NICs. The Dell OpenManage Server Administrator, however, shows IP Address 10.1.2.47 belonging to the NIC _not_ sending gratuitous ARP requests. The IP Address [Not Obtained] entry has the offending NIC in it. Don't know if what shows in the Dell OpenManage thingie is significant or not. Thanks again... -- richard Webster carlwebs...@gmail.com wrote on 08/24/2010 10:22:39 AM: Are you sure that after updating the driver the NIC team is still in place? Having a dual homed Citrix server is a recipe for trouble. Dual homed Citrix servers are supported only in very specific configurations and is not a Citrix recommended practice. NIC teaming is fine, dual homing as separate NICs is not. Carl Webster Citrix Technology Professional http://dabcc.com/Webster From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, August 24, 2010 9:52 AM To: NT System Admin Issues Subject: RE: What IP has this MAC? Bing in over my head, I must confess to not knowing Cisco IOS. I did find the MAC address in the Cisco Network Assasin. This will help in the future... Now, this brings up Problem #2: The machine in question is a Dell PE-1950 Citrix server. It has two NICs. When the server was built, only one of the NICs was used. Later, the Broadcom software was downloaded and installed, and the two NICs were teamed for fail-over redundency. Both the Cisco Network Assasin and the ping / arp -a show that this NIC has the IP address 10.1.2.47. It is a static IP address and is in our DATA VLAN. Wireshark shows that this NIC is sending gratuitous ARP packets and is claiming the address 10.1.20.45 (DHCP and in the VOICE VLAN). Any hints on how to make a (Dell/Broadcom) NIC stop sending gratuitious ARP packets? Thanks again... -- richard Jim Holmgren jholmg...@xlhealth.com wrote on 08/24/2010 09:21:02 AM: Think lower-level. Find the MAC address on your switch, get the port that it is plugged into and follow it from there. Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Tuesday, August 24, 2010 10:17 AM To: NT System Admin Issues Subject: What IP has this MAC? Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IPreturned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any
Re: What IP has this MAC?
+1 This is where I would start - if possible. Otherwise, the other suggestions next. -- ME2 On Tue, Aug 24, 2010 at 7:21 AM, Jim Holmgren jholmg...@xlhealth.comwrote: Think lower-level. Find the MAC address on your switch, get the port that it is plugged into and follow it from there. Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com *From:* richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] *Sent:* Tuesday, August 24, 2010 10:17 AM *To:* NT System Admin Issues *Subject:* What IP has this MAC? Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group *ASPCA®* 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.org The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA ®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso exclusivo del (los) destinatario (s) y puede incluir información confidencial y/o información de salud protegida. La Ley Federal (HIPAA) establece que el destinatario está obligado a mantener la información confidencial y sequra. HIPAA prohíbe y castiga cualquier divulgación a terceras personas sin autorización del afiliado o permitido por ley. Si usted no es el destinatario, redirija esta mensaje al remitente, y destruye cualquier copia existente del mensaje original. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: What IP has this MAC?
Well if I had control of the Switches I would start like you said, then disable the port and see who yells and why. People do not like this but I have found it very effective in seeing what was going on. From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Tuesday, August 24, 2010 12:46 PM To: NT System Admin Issues Subject: Re: What IP has this MAC? +1 This is where I would start - if possible. Otherwise, the other suggestions next. -- ME2 On Tue, Aug 24, 2010 at 7:21 AM, Jim Holmgren jholmg...@xlhealth.commailto:jholmg...@xlhealth.com wrote: Think lower-level. Find the MAC address on your switch, get the port that it is plugged into and follow it from there. Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.comhttp://www.xlhealth.com From: richardmccl...@aspca.orgmailto:richardmccl...@aspca.org [mailto:richardmccl...@aspca.orgmailto:richardmccl...@aspca.org] Sent: Tuesday, August 24, 2010 10:17 AM To: NT System Admin Issues Subject: What IP has this MAC? Greetings! I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Thanks! -- Richard D. McClary Systems Administrator, Information Technology Group ASPCA® 1717 S. Philo Rd, Ste 36 Urbana, IL 61802 richardmccl...@aspca.orgmailto:richardmccl...@aspca.org P: 217-337-9761 C: 217-417-1182 F: 217-337-9761 www.aspca.orghttp://www.aspca.org/ The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso exclusivo del (los) destinatario (s) y puede incluir información confidencial y/o información de salud protegida. La Ley Federal (HIPAA) establece que el destinatario está obligado a mantener la información confidencial y sequra. HIPAA prohíbe y castiga cualquier divulgación a terceras personas sin autorización del afiliado o permitido por ley. Si usted no es el destinatario, redirija esta mensaje al remitente, y destruye cualquier copia existente del mensaje original. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: What IP has this MAC?
On 24 Aug 2010 at 9:16, richardmccl...@aspca.org wrote: I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Anygryziber's IPSCAN tool will return the IP address and MAC address of all stations in the scan range fairly quickly. I use the older standalone v2 version. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: What IP has this MAC?
That is a killer tool, at least v 2 was anyway. Jon On Tue, Aug 24, 2010 at 4:17 PM, Angus Scott-Fleming angu...@geoapps.comwrote: On 24 Aug 2010 at 9:16, richardmccl...@aspca.org wrote: I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Anygryziber's IPSCAN tool will return the IP address and MAC address of all stations in the scan range fairly quickly. I use the older standalone v2 version. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: What IP has this MAC?
Q Sent from my Verizon Wireless BlackBerry -Original Message- From: Jon Harris jk.har...@gmail.com Date: Tue, 24 Aug 2010 19:26:16 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.comSubject: Re: What IP has this MAC? That is a killer tool, at least v 2 was anyway. Jon On Tue, Aug 24, 2010 at 4:17 PM, Angus Scott-Fleming angu...@geoapps.comwrote: On 24 Aug 2010 at 9:16, richardmccl...@aspca.org wrote: I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Anygryziber's IPSCAN tool will return the IP address and MAC address of all stations in the scan range fairly quickly. I use the older standalone v2 version. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: What IP has this MAC?
? On Tue, Aug 24, 2010 at 7:45 PM, pchow...@yahoo.com wrote: Q Sent from my Verizon Wireless BlackBerry -- *From: *Jon Harris jk.har...@gmail.com *Date: *Tue, 24 Aug 2010 19:26:16 -0400 *To: *NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com *ReplyTo: *NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com *Subject: *Re: What IP has this MAC? That is a killer tool, at least v 2 was anyway. Jon On Tue, Aug 24, 2010 at 4:17 PM, Angus Scott-Fleming angu...@geoapps.comwrote: On 24 Aug 2010 at 9:16, richardmccl...@aspca.org wrote: I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Anygryziber's IPSCAN tool will return the IP address and MAC address of all stations in the scan range fairly quickly. I use the older standalone v2 version. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: What IP has this MAC?
Also see NetToolsPro -ASB: http://XeeSM.com/AndrewBaker Sent from my Motorola Droid On Aug 24, 2010 7:27 PM, Jon Harris jk.har...@gmail.com wrote: That is a killer tool, at least v 2 was anyway. Jon On Tue, Aug 24, 2010 at 4:17 PM, Angus Scott-Fleming angu...@geoapps.com wrote: On 24 Aug 2010 at 9:16, richardmccl...@aspca.org wrote: I am experiencing a bit of a network problem with, at the moment, is more of an annoyance (but could easily get bigger!). Somewhere I have a NIC spewing out gratuitious ARP packets. (I did eventually hunt it down, but for the future...) Using Wireshark, I have the MAC address of the offending NIC. Again, for the future, is there a ping command switch or something else which will enable me to enter the MAC address and have the IP returned? Wireshark does indicate the offender is a Dell system. However, being mostly a Dell shop, pinging each node here and then examining my ARP cache is rather slow... Anygryziber's IPSCAN tool will return the IP address and MAC address of all stations in the scan range fairly quickly. I use the older standalone v2 version. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~