This needs to be done on the same subnet as the "offender" otherwise you will get router's mac.
Thank you, Tony. Tony Gordon, Windows 2000 MCSE [EMAIL PROTECTED] Windows Server Infrastructure Phone: 847.295.5000 x14534 Fax: 847.295.8877 Hewitt Associates "Beck, Steve" <[EMAIL PROTECTED]> 07/15/2002 09:10 AM To: "'Stef'" <[EMAIL PROTECTED]> [EMAIL PROTECTED] cc: Subject: RE: Tracing physical machines on DHCP networks Ping the IP, then arp it. "arp -a" arp = Address Resolution Protocol -----Original Message----- From: Stef [mailto:[EMAIL PROTECTED]] Sent: Sunday, July 14, 2002 9:44 PM To: [EMAIL PROTECTED] Subject: FW: Tracing physical machines on DHCP networks Slightly off-topic - but worth mentioning it. I have just deployed a solution like this: http://www.panduitncg.com/solutions/panview_system.asp in my computer room ... and goodbye location headaches. Of course it won't apply in your case (unless willing to spend some money), but thought of sharing it ... especially as it makes location of IP phones also easy (for emergency locator purposes). Stef P.S. In your case - assuming managed switches deployed - a program parsing the tables for port number - IP (SNMPget's), then a script for ARP-ing those IPs would do. But this assuming managed switches and ... good and up-to-date info on your location vs. systems deployment ("network maps"). I have never been able to keep accurate ones, which is why I had to get a system like the one above, with one time only data entry :) On Sunday 14 July 2002 08:43 am, Blaxes wrote: > Hi, > > I noticed from my firewall logs that there is a particular machine on > my network generating a very huge amt of suspicious traffic. Having > only the ip address, I would like to track down the physical machine > in my organization. > > There are numerous machines on the network, and running on DHCP, I am > having a huge problem getting the mac address and the physical > location of the machine. To complicate the matter, there are some > users sharing machines and a user only requires authenticating via > the firewall (LDAP) to access the network. > > Is there any ip management software that logs dhcp assignments to > user logon on at the firewall with time and date stamps ? > > > Thanks.