[Gllug] Someone is using the broadcast address!!

John Hearns john.hearns at streamline-computing.com
Sat Oct 13 06:44:11 UTC 2007


On Fri, 2007-10-12 at 14:44 +0800, Hong Chyr wrote:
> Guys
> 
> This is not a Linux-specific question, but here's the story:
> 
> I'm helping a friend troubleshoot this strange problem.

One other tip - you know the MAC address of the machine.
You get this by arp -an or by running tcpdump,
or better still Wireshark (Ethereal).

MAC addresses are allocated in blocks to manufacturers, so you can tell
at least the brand of NIC in this machine (or, as this is a general
troubleshooting tip, you can tell the manufacturer of a switch, network
power strip, or anything else with an Ethernet port).

You can search for MAC addresses on a page on the IEEE site
http://standards.ieee.org/regauth/oui/index.shtml
or, even easier, run nmap on that address - it will report the registrant
of the MAC address.
Or run Wireshark, which also decodes MAC addresses.

Once you have the manufacturer it can be a big help in tracking down
"mystery" machines on your network.


By the way, regarding network tools for investigating trouble machines,
or if you have a problem with unknown machines on your network,
look at using Arpwatch.
http://en.wikipedia.org/wiki/Arpwatch



Also well worth considering is 'ntop':

http://www.ntop.org



-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
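
An added example, not part of the original post: the OUI lookup from the message above, applied to `arp -an` output. It goes slightly beyond the tip by flagging locally administered and multicast addresses, which have no registrant to look up. The ARP lines, the registry excerpt with its placeholder vendor names, and the function names are all constructed for this illustration.

```python
import re

# Constructed sample data. Vendor names are placeholders, not real
# registrations; in practice, load the registry file from the IEEE site.
SAMPLE_OUI = """\
00-11-22   (hex)\t\tExample NIC Vendor
00-AA-BB   (hex)\t\tExample Switch Vendor
"""

# Constructed `arp -an` output; one address lacks leading zeros, as
# BSD-style arp prints it, and one entry is unresolved.
SAMPLE_ARP = """\
? (192.168.1.1) at 00:aa:bb:10:20:30 [ether] on eth0
? (192.168.1.23) at 0:11:22:a:b:c [ether] on eth0
? (192.168.1.40) at 02:42:ac:11:00:02 [ether] on eth0
? (192.168.1.77) at 00:de:ad:00:00:01 [ether] on eth0
? (192.168.1.99) at <incomplete> on eth0
"""

OUI_LINE = re.compile(
    r"^([0-9A-F]{2})-([0-9A-F]{2})-([0-9A-F]{2})\s+\(hex\)\s+(.+)$", re.M | re.I)
ARP_LINE = re.compile(
    r"\(([\d.]+)\) at ((?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})\b", re.I)

def load_oui(text):
    """Return {'001122': 'registrant', ...} from '(hex)' registry lines."""
    return {"".join(m.group(1, 2, 3)).upper(): m.group(4).strip()
            for m in OUI_LINE.finditer(text)}

def classify(mac, table):
    """Name the registrant of a MAC, or say why no registrant applies."""
    octets = [int(part, 16) for part in mac.split(":")]
    if octets[0] & 0x01:   # I/G bit set: group address
        return "multicast/broadcast address, not a single NIC"
    if octets[0] & 0x02:   # U/L bit set: assigned in software
        return "locally administered (set in software, no registrant)"
    prefix = "".join("%02X" % o for o in octets[:3])
    return table.get(prefix, "unknown OUI " + prefix)

def identify(arp_text, table):
    """Map each resolved IP in `arp -an` output to its classification."""
    return {ip: classify(mac, table) for ip, mac in ARP_LINE.findall(arp_text)}

if __name__ == "__main__":
    for ip, who in identify(SAMPLE_ARP, load_oui(SAMPLE_OUI)).items():
        print(ip, who)
```

A "locally administered" result means the vendor lookup cannot help; that address was set by a hypervisor, container runtime or by hand.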