This needs to be done on the same subnet as the "offender" otherwise you
will get router's mac.
Thank you, Tony.
Tony Gordon, Windows 2000 MCSE
[EMAIL PROTECTED]
Windows Server Infrastructure
Phone: 847.295.5000 x14534
Fax: 847.295.8877
Hewitt Associates
"Beck, Steve" <[EMAIL PROTECTED]>
07/15/2002 09:10 AM
To: "'Stef'" <[EMAIL PROTECTED]>
[EMAIL PROTECTED]
cc:
Subject: RE: Tracing physical machines on DHCP networks
Ping the IP, then arp it.
"arp -a"
arp = Address Resolution Protocol
-----Original Message-----
From: Stef [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 14, 2002 9:44 PM
To: [EMAIL PROTECTED]
Subject: FW: Tracing physical machines on DHCP networks
Slightly off-topic - but worth mentioning it. I have just deployed a
solution like this:
http://www.panduitncg.com/solutions/panview_system.asp
in my computer room ... and goodbye location headaches. Of course it
won't apply in your case (unless willing to spend some money), but
thought of sharing it ... especially as it makes location of IP phones
also easy (for emergency locator purposes).
Stef
P.S. In your case - assuming managed switches deployed - a program
parsing the tables for port number - IP (SNMPget's), then a script for
ARP-ing those IPs would do. But this assuming managed switches and ...
good and up-to-date info on your location vs. systems deployment
("network maps"). I have never been able to keep accurate ones, which
is why I had to get a system like the one above, with one time only
data entry :)
On Sunday 14 July 2002 08:43 am, Blaxes wrote:
> Hi,
>
> I noticed from my firewall logs that there is a particular machine on
> my network generating a very huge amt of suspicious traffic. Having
> only the ip address, I would like to track down the physical machine
> in my organization.
>
> There are numerous machines on the network, and running on DHCP, I am
> having a huge problem getting the mac address and the physical
> location of the machine. To complicate the matter, there are some
> users sharing machines and a user only requires authenticating via
> the firewall (LDAP) to access the network.
>
> Is there any ip management software that logs dhcp assignments to
> user logon on at the firewall with time and date stamps ?
>
>
> Thanks.
