Thanks Jeff….gonna pick one up tomorrow.
Sully
-----Original Message-----
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Gojkovich
Sent: Thursday, July 24, 2003 7:33
PM
To: [EMAIL PROTECTED]
Subject: Re: [smartBridges] OFF
TOPIC: Spoofed IP??
What we do is put a hub inbetween the AP and the
router/switch. Then plug a network line into the hub to one of our
computers and open the sniffer. We use the Colasoft sniffer and it works
great. It will sort by IP address and it is layed out really nice.
Just wait for that IP to send some info that will identify then and there you
go.
--
Jeff
> One thing you could do if you provide email, is to check the IP addy
> against
> email address's in your logs of your mail server.
> George
> ----- Original Message -----
> From: "The Wirefree Network"
<[EMAIL PROTECTED]>> To:
<[EMAIL PROTECTED]>> Sent: Thursday, July 24, 2003 12:29 PM
> Subject: [smartBridges] OFF TOPIC: Spoofed IP??
>
>
>> Here's a weird one.
>>
>> Using smartbridges equipment, is there any way I can find out which
one
>> of my users changed their IP address??
>>
>> When I do an arp listing in my router, I noticed that the IP/MAC
pairing
>> was incorrect. So...I called up the client who should have that IP and
>> their computer was off. When they turned it on and went to IE, my
>> router prompted me with "IP address 172.16.x.x changed MAC
addresses".
>> And then the arp listing showed the correct MAC for that IP.
>>
>> He then turned off his computer and a little while later...I was again
>> prompted with the "IP address 172.16.x.x changed MAC
addresses". I
>> wrote down the MAC address, but that really does me no good.
>>
>> I was hoping that a traceroute would show me which wireless devices he
>> was hopping out of...but no dice.
>>
>> I looked in the associated client listing in the aPPo, but it does not
>> show that IP whenever I am looking.
>>
>> I tried using sniffer software...but I cant pick up any traffic on the
>> LAN side of my router, being that it is also a switch. I need to find
a
>> way to make my port (permiscious) or act like a hub...so I can sniff
>> traffic on the whole network.
>>
>> I also thought about having the valid client use a different IP for
>> now...and then block that IP at the LAN interface. Then...just sit
back
>> and wait for that client to call me (with an outage).
>>
>> Anyway...my question is....how can I find out who is using this IP??
>>
>> Sully
>>
>> The PART-15.ORG smartBridges Discussion List
>> To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe
> smartBridges
>> To Remove: mailto:[EMAIL PROTECTED] (in the body type
unsubscribe
> smartBridges)
>> Archives: http://archives.part-15.org
>>
>
> The PART-15.ORG smartBridges Discussion List
> To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe
> smartBridges
> To Remove: mailto:[EMAIL PROTECTED] (in the body type
unsubscribe
> smartBridges)
> Archives: http://archives.part-15.org
>
The PART-15.ORG smartBridges Discussion List To Join:
mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges To
Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges)
Archives: http://archives.part-15.org
