BTW, LanGuard did the trick. The admin had LanGaurd installed on his laptop,
so he ran it against the IP and picked a Printer Share that indicated the
site.
Thanks for everyone's help.
Priscilla
Evans, TJ (BearingPoint) wrote:
Along with MAC tracing, using CDP to id next-hop switches, etc.
you can also
try to us something like psloggedon (or psshutdown if you have
something of
a mean-streak) from sysinternals.com. OR - if your domain is
logging
successful logins, maybe you could look through them to see who
is logging
in from that machine.
... get the user's name, send them a friendly request to
modify their
system accordingly.
Or, if their policies permit, you could always sniff traffic
from their IP
looking for login names. May require some SPANning or 'traffic
engineering'
to get their packets to you ...
(sorry the first couple weren't more 'network oriented' answers
:))
Please let us know what you find / how you find it ...
Thanks!
TJ
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 1:23 PM
To: [EMAIL PROTECTED]
Subject: OT finding station trying to become MasterBrowser
[7:58701]
I don't think there's any answer to this, but I thought I would
check. How
can I find the physical location of a system if I know the
following:
NetBIOS name, IP address, MAC Address, and the Domain it is
attached too.
I have a system that is trying to become the Master Browser and
I've
discovered all of the above information. The problem is, it's a
large flat
network, so the IP address comes from a huge pool and doesn't
help identify
a network segment. The NetBIOS name isn't helpful and the
vendor code in the
MAC address is shared by almost all the systems.
Any utilities that you know of that could help find this
station?
It's a city-wide school system and driving around from school
to school
isn't practical, although it is a rather small city... :-)
Any info would be great. Thanks.
Priscilla
**
The information in this email is confidential and may be
legally
privileged. Access to this email by anyone other than the
intended addressee is unauthorized. If you are not the
intended
recipient of this message, any review, disclosure, copying,
distribution, retention, or any action taken or omitted to be
taken
in reliance on it is prohibited and may be unlawful. If you
are not
the intended recipient, please reply to or forward a copy of
this
message to the sender and delete the message, any attachments,
and any copies thereof from your system.
**
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58728t=58701
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]