Solved

Tracing Broadcast traffic

Posted on 2004-04-03
5
755 Views
Last Modified: 2013-12-19


how to trace broadcast traffice ARP protocol and giving me information that its originating from source 10.138.4.1 and destination 10.138.0.1 , that is shown by using ethreal software. The thing is these IP address is not part of the network. Whats this basically ?

Regards,
0
Comment
Question by:aejaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 10747485
sounds like an attack to do you have a firewall and have you blocked ICMP?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10747486
in fact ignore that, these are NON routable addresses so they HAVE to be on your network do this instead...............
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 20 total points
ID: 10747497
get a laptop plugged in on the same network, and get on the same network number as the offenders, now ping those IP addresses, there now in your ARP cache :)

do a arp-a command and get the MAC addresses for them

Now track those MAC addresses through your switches MAC address tables and sooner or later you can follow them from switch to switch till the last switch will tall you which port its on, go to the switch and see whats patched into it - and youve got one of the offenders, time for some violence :)
0
 

Author Comment

by:aejaz
ID: 10751050
thanks.... tat was very simple , i just hav given 20 points :) , i m scolding myself why didnt i think myself :D

Regards,

aejazzz
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10752978
:) ThanQ
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
An article on effective troubleshooting
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question