?
Solved

Tracing Broadcast traffic

Posted on 2004-04-03
5
Medium Priority
?
759 Views
Last Modified: 2013-12-19


how to trace broadcast traffice ARP protocol and giving me information that its originating from source 10.138.4.1 and destination 10.138.0.1 , that is shown by using ethreal software. The thing is these IP address is not part of the network. Whats this basically ?

Regards,
0
Comment
Question by:aejaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 10747485
sounds like an attack to do you have a firewall and have you blocked ICMP?
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10747486
in fact ignore that, these are NON routable addresses so they HAVE to be on your network do this instead...............
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 60 total points
ID: 10747497
get a laptop plugged in on the same network, and get on the same network number as the offenders, now ping those IP addresses, there now in your ARP cache :)

do a arp-a command and get the MAC addresses for them

Now track those MAC addresses through your switches MAC address tables and sooner or later you can follow them from switch to switch till the last switch will tall you which port its on, go to the switch and see whats patched into it - and youve got one of the offenders, time for some violence :)
0
 

Author Comment

by:aejaz
ID: 10751050
thanks.... tat was very simple , i just hav given 20 points :) , i m scolding myself why didnt i think myself :D

Regards,

aejazzz
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10752978
:) ThanQ
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question