RE: Tracing physical machines on DHCP networks

Mon, 15 Jul 2002 13:03:17 -0700 

This needs to be done on the same subnet as the "offender" otherwise you 
will get router's mac.


Thank you, Tony.
Tony Gordon, Windows 2000 MCSE
[EMAIL PROTECTED]
Windows Server Infrastructure
Phone: 847.295.5000 x14534
Fax:     847.295.8877
Hewitt Associates 





"Beck, Steve" <[EMAIL PROTECTED]>
07/15/2002 09:10 AM

 
        To:     "'Stef'" <[EMAIL PROTECTED]>
[EMAIL PROTECTED]
        cc: 
        Subject:        RE: Tracing physical machines on  DHCP networks



Ping the IP, then arp it.
"arp -a"

arp = Address Resolution Protocol

-----Original Message-----
From: Stef [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 14, 2002 9:44 PM
To: [EMAIL PROTECTED]
Subject: FW: Tracing physical machines on DHCP networks


Slightly off-topic - but worth mentioning it. I have just deployed a 
solution like this:

http://www.panduitncg.com/solutions/panview_system.asp

in my computer room ... and goodbye location headaches. Of course it 
won't apply in your case (unless willing to spend some money), but 
thought of sharing it ... especially as it makes location of IP phones 
also easy (for emergency locator purposes).

Stef

P.S. In your case - assuming managed switches deployed - a program 
parsing the tables for port number - IP (SNMPget's), then a script for 
ARP-ing those IPs would do. But this assuming managed switches and ... 
good and up-to-date info on your location vs. systems deployment 
("network maps"). I have never been able to keep accurate ones, which 
is why I had to get a system like the one above, with one time only 
data entry :)

On Sunday 14 July 2002 08:43 am, Blaxes wrote:
> Hi,
>
> I noticed from my firewall logs that there is a particular machine on
> my network generating a very huge amt of suspicious traffic. Having
> only the ip address, I would like to track down the physical machine
> in my organization.
>
> There are numerous machines on the network, and running on DHCP, I am
> having a huge problem getting the mac address and the physical
> location of the machine. To complicate the matter, there are some
> users sharing machines and a user only requires authenticating via
> the firewall (LDAP) to access the network.
>
> Is there any ip management software that logs dhcp assignments to
> user logon on at the firewall with time and date stamps ?
>
>
> Thanks.

Reply via email to