RE: Finding a neddle in a haystack
Command prompt from a Windows machine that would be aware of / has connected to the MAC address:

    arp -a

The switches and routers in the environment would also have this info in their ARP tables.

From: Jim Majorowicz [mailto:jmajorow...@gmail.com]
Sent: Thursday, June 04, 2009 2:37 PM
To: NT System Admin Issues
Subject: Finding a neddle in a haystack

The developer for one of my clients is trying to figure out what is causing his app to crash on a regular basis. He's begun to fixate on a system I can't positively identify that connects via SQL on a regular basis. I suspect it's the hosted web server, but I don't have the contact information for the hosting company, and the person with that information is currently in China with a spotty connection and hasn't replied to my emails.

I have the name of the host, and the MAC address but not the IP address. Is there any way to find the IP based on the MAC, so I can say for sure "That's the Webhost?"
Re: Finding a neddle in a haystack
You're going to have to describe the network a bit more before we can say too much about that. However, I'll say that Wireshark is your friend - especially the version you find at www.portableapps.com

Kurt
RE: Finding a neddle in a haystack
Can you outline the topology? The SQL server is at the client site (behind a DMZ?), and the web server is co-located at a web hosting company? Is that correct?

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003
RE: Finding a neddle in a haystack
OK, maybe I'm a bit dense today, but I don't see Wireshark at portableapps.com ... Got any pointers ?

Erik Goldoff
IT Consultant
Systems, Networks, Security
RE: Finding a neddle in a haystack
OK, nevermind ... They don't include it in portableapps, but point to a portable version on sourceforge.net ... thanks

Erik Goldoff
IT Consultant
Systems, Networks, Security
RE: Finding a neddle in a haystack
Depending on your type of network switch, you can do a show mac-address (on Cisco anyway) and it will tell you the switchport that the MAC address is connected to. You can track it down that way.

John C. Kelsey
DuBois Regional Medical Center
Phone: 814.375.3073
Email: jckel...@drmc.org
RE: Finding a neddle in a haystack
On the same subnet? If so, ping-sweep the subnet and then check your local arp cache.

-sc
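The ping-sweep-then-check-ARP procedure from this reply, together with the `arp -a` lookup from the first reply, as an added example that is not part of the original thread. The function names, the MAC address and the sample `arp -a` output are constructed for illustration.

```powershell
# Added example (not from the thread): resolve a MAC address to an IP
# address from Windows `arp -a` output. All names and data are constructed.

function ConvertTo-NormalizedMac {
    param([Parameter(Mandatory)][string]$Mac)
    # Drop separators so 00-1A-2B-3C-4D-5E, 00:1a:2b:3c:4d:5e and
    # 001a.2b3c.4d5e all compare equal.
    $hex = ($Mac -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 12) { throw "Not a 48-bit MAC address: '$Mac'" }
    $hex
}

function Find-IpByMac {
    param(
        [Parameter(Mandatory)][string]$Mac,
        # arp -a prints blank lines, so empty strings must be accepted.
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$ArpOutput
    )
    $wanted = ConvertTo-NormalizedMac $Mac
    foreach ($line in $ArpOutput) {
        # Entry lines look like: "  192.168.10.25   00-1a-2b-3c-4d-5e   dynamic"
        if ($line -match '^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\S+)') {
            $ip, $entryMac, $type = $Matches[1], $Matches[2], $Matches[3]
            if ((ConvertTo-NormalizedMac $entryMac) -eq $wanted) {
                [pscustomobject]@{ IPAddress = $ip; Mac = $entryMac; Type = $type }
            }
        }
    }
}

function Invoke-SubnetSweep {
    # Sends one echo request to each address in a /24 so the local ARP
    # cache gets populated. $Prefix is the first three octets.
    param(
        [Parameter(Mandatory)][string]$Prefix,
        [int]$First = 1,
        [int]$Last = 254,
        [int]$TimeoutMs = 200
    )
    $ping = New-Object System.Net.NetworkInformation.Ping
    try {
        foreach ($i in $First..$Last) {
            try { [void]$ping.Send("$Prefix.$i", $TimeoutMs) } catch { }
        }
    } finally {
        $ping.Dispose()
    }
}

# Constructed sample of `arp -a` output, so the parser can be run offline.
$sampleArp = @'
Interface: 192.168.10.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.10.1          00-11-22-33-44-55     dynamic
  192.168.10.25         00-1a-2b-3c-4d-5e     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
'@ -split '\r?\n'

Find-IpByMac -Mac '00:1A:2B:3C:4D:5E' -ArpOutput $sampleArp

# Live use from a machine on the same subnet as the target:
#   Invoke-SubnetSweep -Prefix '192.168.10'
#   Find-IpByMac -Mac '00:1A:2B:3C:4D:5E' -ArpOutput (arp -a)
```

An on-subnet host that drops ICMP still ends up in the cache, because the ARP exchange happens before the echo request is sent. A host on another subnet never appears in the local ARP cache at all.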
Re: Finding a neddle in a haystack
Given what little detail the OP posted, it seems unlikely that the MAC address will be present on any switch he can examine. Wireshark listening to a monitor/span port will allow him to pinpoint the IP address that's talking on port 1733, though. That would certainly be helpful.

Kurt
RE: Finding a neddle in a haystack
-Original Message-
From: Erik Goldoff [mailto:egold...@gmail.com]
Subject: RE: Finding a neddle in a haystack

Got any pointers ?

*6076AD007 Shook Webster
RE: Finding a neddle in a haystack
So, that was kind of nettling you, eh?

From: Sherry Abercrombie [mailto:saber...@gmail.com]
Sent: Thursday, June 04, 2009 2:30 PM
To: NT System Admin Issues
Subject: Re: Finding a neddle in a haystack

Can't stand it any longer, the correct spelling is needle. Thank you, I feel better now.

--
Sherry Abercrombie
Any sufficiently advanced technology is indistinguishable from magic.
Arthur C. Clarke
Re: Finding a neddle in a haystack
http://slashweb.org/programming/25-best-programmer-webcomic-strips.html
RE: Finding a neddle in a haystack
So MAC addresses are only locally significant. If you've got this machine offsite then there's no way that MAC address is showing up on your end unless the app is carrying it as metadata or something...

Thanks,
Brian Desmond
br...@briandesmond.com
c - 312.731.3132
Active Directory, 4th Ed - http://www.briandesmond.com/ad4/
Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian
RE: Finding a neddle in a haystack
Typo. :P
RE: Finding a neddle in a haystack
He was pulling information from some SQL utility.
Re: Finding a neddle in a haystack
So, I think my comment stands - you'll need to monitor port 1733, IIRC. That's easy enough to do, as someone else pointed out, with 'netstat -anp tcp | findstr 1733', or by installing wireshark on the machine and building a bpf filter for that source port. I like wireshark because you can just log packets to a file for review later, but if you've got the other party on the telephone, and he/she/it can initiate the query while you're talking, then the netstat command is much less intrusive.

Kurt
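The netstat check from this reply, as an added example that is not part of the original thread. It parses `netstat -an -p tcp` output and compares the local port field exactly, so a line whose ephemeral port merely contains the same digits (51733 in the constructed sample) is not counted, which a plain `findstr 1733` would do. `Get-PeersOnPort` and the sample output are constructed; the port is a parameter, shown here with the 1733 quoted in the thread, and a default SQL Server instance listens on TCP 1433.

```powershell
# Added example (not from the thread): list the remote hosts connected to
# a given local TCP port, from `netstat -an -p tcp` output.
# The function name and the sample data are constructed.

function Get-PeersOnPort {
    param(
        [Parameter(Mandatory)][int]$Port,
        # netstat prints blank lines, so empty strings must be accepted.
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$NetstatOutput
    )
    $rows = foreach ($line in $NetstatOutput) {
        # "  TCP    192.168.10.20:1733    203.0.113.40:49812    ESTABLISHED"
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$') {
            $localPort  = [int]$Matches[2]
            $remoteAddr = $Matches[3]
            $remotePort = [int]$Matches[4]
            $state      = $Matches[5]
            # Exact match on the local port field; skip the listening socket.
            if ($localPort -eq $Port -and $state -ne 'LISTENING') {
                [pscustomobject]@{
                    Remote     = $remoteAddr
                    RemotePort = $remotePort
                    State      = $state
                }
            }
        }
    }
    # One summary row per remote address.
    $rows | Group-Object Remote | ForEach-Object {
        [pscustomobject]@{
            RemoteAddress = $_.Name
            Connections   = $_.Count
            States        = ($_.Group.State | Sort-Object -Unique) -join ','
        }
    }
}

# Constructed sample of `netstat -an -p tcp` output on the database server.
# The last line is an unrelated session whose remote port contains "1733".
$sampleNetstat = @'
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1733           0.0.0.0:0              LISTENING
  TCP    192.168.10.20:1733     203.0.113.40:49812     ESTABLISHED
  TCP    192.168.10.20:1733     203.0.113.40:49813     ESTABLISHED
  TCP    192.168.10.20:1733     192.168.10.31:51022    TIME_WAIT
  TCP    192.168.10.20:3389     192.168.10.31:51733    ESTABLISHED
'@ -split '\r?\n'

Get-PeersOnPort -Port 1733 -NetstatOutput $sampleNetstat

# Live use on the server while the other party runs the query:
#   Get-PeersOnPort -Port 1733 -NetstatOutput (netstat -an -p tcp)
```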
RE: Finding a neddle in a haystack
Yeah, I was able to prove that was the source. Thanks for all your help guys.