RE: OT finding station trying to become MasterBrow [7:58701]

2002-12-06 Thread Priscilla Oppenheimer
Very helpful. Thanks. I should have thought of that. :-)

Of course, all the switches would have the MAC address in their cam
(bridging) table if they had sent to it, but if all of them but one have the
MAC address associated with a trunk, and one has it associated with an
end-user access port, then we would at least know which switch is actually
connecting the device. And from what I know about this network, that would
help identify the school at least. I think each school has its own switch.

The other suggestions are very helpful too. I'll let you know how we
succeed. Thanks everyone for your help.

Priscilla

Daniel Cotts wrote:
 
 Using Cisco gear I go to a router's arp table which also tells me the
 interface from which it learned the mac address.
 Then I go to the attached switch(es) and search for the mac and its
 associated interface.
 Cat5k sh cam xx-xx-xx-xx-xx-xx
 Cat2924# sh mac-address-table address ..
 If I haven't been smart enough to add a port name or description line then
 it's wire tracing time.

 In your case I'll assume that there is one site that is the hub. From there
 can you determine which remote site has the offending computer? If the
 remote site has switches into which you can telnet you could narrow it down.
 If cascading hubs - ouch!
 
  -----Original Message-----
  From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
  Sent: Friday, December 06, 2002 12:23 PM
  To: [EMAIL PROTECTED]
  Subject: OT finding station trying to become MasterBrowser [7:58701]

  I don't think there's any answer to this, but I thought I would check. How
  can I find the physical location of a system if I know the following:

  NetBIOS name, IP address, MAC Address, and the Domain it is attached to.

  I have a system that is trying to become the Master Browser and I've
  discovered all of the above information. The problem is, it's a large flat
  network, so the IP address comes from a huge pool and doesn't help identify
  a network segment. The NetBIOS name isn't helpful and the vendor code in the
  MAC address is shared by almost all the systems.

  Any utilities that you know of that could help find this station?

  It's a city-wide school system and driving around from school to school
  isn't practical, although it is a rather small city... :-)

  Any info would be great. Thanks.

  Priscilla
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58714t=58701
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
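
The narrowing step discussed in the message above (every switch may hold the MAC, but only one holds it on an end-user access port rather than a trunk), as an added example that is not part of the original posts. The switch names, table dumps and trunk-port lists are constructed; the dump layouts are simplified and are not exact device captures.

```python
import re

PORT_RE = re.compile(r"^[A-Za-z]*\d+/\d+$")  # e.g. 2/1 or FastEthernet0/5

def norm_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a MAC."""
    digits = re.sub(r"[-.:]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def port_for_mac(table_text, mac):
    """Return the port one switch learned the MAC on, or None if absent."""
    target = norm_mac(mac)
    if target is None:
        raise ValueError("not a MAC address: %r" % mac)
    for line in table_text.splitlines():
        tokens = line.split()
        if any(norm_mac(t) == target for t in tokens):
            for t in tokens:
                if PORT_RE.match(t):
                    return t
    return None

def locate(tables, trunks, mac):
    """Split hits into edge (access port) and transit (trunk port)."""
    edge, transit = [], []
    for switch, text in tables.items():
        port = port_for_mac(text, mac)
        if port is not None:
            hit = (switch, port)
            (transit if port in trunks.get(switch, set()) else edge).append(hit)
    return edge, transit

# Constructed sample data: one hub switch and three school switches.
TABLES = {
    "hub-core": "1  00-10-7b-3a-12-34  2/1\n1  00-10-7b-3a-99-01  3/4",
    "school-a": "0010.7b3a.1234  Dynamic  1  FastEthernet0/1\n"
                "0010.7b3a.5555  Dynamic  1  FastEthernet0/7",
    "school-b": "0010.7b3a.1234  Dynamic  1  FastEthernet0/12",
    "school-c": "0010.7b3a.5555  Dynamic  1  FastEthernet0/3",
}
# Operator-supplied trunk/uplink ports per switch (assumed known).
TRUNKS = {"hub-core": {"2/1", "2/2"}, "school-a": {"FastEthernet0/1"},
          "school-b": {"FastEthernet0/1"}, "school-c": {"FastEthernet0/1"}}

if __name__ == "__main__":
    edge, transit = locate(TABLES, TRUNKS, "00:10:7B:3A:12:34")
    print("connected at:", edge)
    print("seen in transit on:", transit)
```

A port reported as an edge hit can still front a cascaded hub, in which case the thread's "wire tracing time" applies from that port onward.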



RE: OT finding station trying to become MasterBrow [7:58701]

2002-12-06 Thread Priscilla Oppenheimer
BTW, LanGuard did the trick. The admin had LanGuard installed on his laptop,
so he ran it against the IP and picked a Printer Share that indicated the
site.

Thanks for everyone's help. 

Priscilla

Evans, TJ (BearingPoint) wrote:
 
 Along with MAC tracing, using CDP to id next-hop switches, etc. you can also
 try to use something like psloggedon (or psshutdown if you have something of
 a mean-streak) from sysinternals.com.  OR - if your domain is logging
 successful logins, maybe you could look through them to see who is logging
 in from that machine.

 ... get the user's name, send them a friendly request to modify their
 system accordingly.

 Or, if their policies permit, you could always sniff traffic from their IP
 looking for login names.  May require some SPANning or 'traffic engineering'
 to get their packets to you ...

 (sorry the first couple weren't more 'network oriented' answers :))
 Please let us know what you find / how you find it ...
 Thanks!
 TJ
 -----Original Message-----
 From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
 Sent: Friday, December 06, 2002 1:23 PM
 To: [EMAIL PROTECTED]
 Subject: OT finding station trying to become MasterBrowser [7:58701]

 I don't think there's any answer to this, but I thought I would check. How
 can I find the physical location of a system if I know the following:

 NetBIOS name, IP address, MAC Address, and the Domain it is attached to.

 I have a system that is trying to become the Master Browser and I've
 discovered all of the above information. The problem is, it's a large flat
 network, so the IP address comes from a huge pool and doesn't help identify
 a network segment. The NetBIOS name isn't helpful and the vendor code in the
 MAC address is shared by almost all the systems.

 Any utilities that you know of that could help find this station?

 It's a city-wide school system and driving around from school to school
 isn't practical, although it is a rather small city... :-)

 Any info would be great. Thanks.

 Priscilla

 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58728t=58701