Solved

Tracing Broadcast traffic

Posted on 2004-04-03
5
756 Views
Last Modified: 2013-12-19


how to trace broadcast traffice ARP protocol and giving me information that its originating from source 10.138.4.1 and destination 10.138.0.1 , that is shown by using ethreal software. The thing is these IP address is not part of the network. Whats this basically ?

Regards,
0
Comment
Question by:aejaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 10747485
sounds like an attack to do you have a firewall and have you blocked ICMP?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10747486
in fact ignore that, these are NON routable addresses so they HAVE to be on your network do this instead...............
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 20 total points
ID: 10747497
get a laptop plugged in on the same network, and get on the same network number as the offenders, now ping those IP addresses, there now in your ARP cache :)

do a arp-a command and get the MAC addresses for them

Now track those MAC addresses through your switches MAC address tables and sooner or later you can follow them from switch to switch till the last switch will tall you which port its on, go to the switch and see whats patched into it - and youve got one of the offenders, time for some violence :)
0
 

Author Comment

by:aejaz
ID: 10751050
thanks.... tat was very simple , i just hav given 20 points :) , i m scolding myself why didnt i think myself :D

Regards,

aejazzz
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10752978
:) ThanQ
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question