If you know your topology well and lack sophisticated switch-management tools, it's possible to ping the IP in question (to get the MAC from your arp table), login to individual switches as needed, and trace the associated ports back to an end-point. I've done that once or twice myself.
Tom >>> "Blaxes" <[EMAIL PROTECTED]> 07/14/02 08:43AM >>> Hi, I noticed from my firewall logs that there is a particular machine on my network generating a very huge amt of suspicious traffic. Having only the ip address, I would like to track down the physical machine in my organization. There are numerous machines on the network, and running on DHCP, I am having a huge problem getting the mac address and the physical location of the machine. To complicate the matter, there are some users sharing machines and a user only requires authenticating via the firewall (LDAP) to access the network. Is there any ip management software that logs dhcp assignments to user logon on at the firewall with time and date stamps ? Thanks.
