[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 762
  • Last Modified:

Tracing Broadcast traffic



how to trace broadcast traffice ARP protocol and giving me information that its originating from source 10.138.4.1 and destination 10.138.0.1 , that is shown by using ethreal software. The thing is these IP address is not part of the network. Whats this basically ?

Regards,
0
aejaz
Asked:
aejaz
  • 4
1 Solution
 
Pete LongTechnical ConsultantCommented:
sounds like an attack to do you have a firewall and have you blocked ICMP?
0
 
Pete LongTechnical ConsultantCommented:
in fact ignore that, these are NON routable addresses so they HAVE to be on your network do this instead...............
0
 
Pete LongTechnical ConsultantCommented:
get a laptop plugged in on the same network, and get on the same network number as the offenders, now ping those IP addresses, there now in your ARP cache :)

do a arp-a command and get the MAC addresses for them

Now track those MAC addresses through your switches MAC address tables and sooner or later you can follow them from switch to switch till the last switch will tall you which port its on, go to the switch and see whats patched into it - and youve got one of the offenders, time for some violence :)
0
 
aejazAuthor Commented:
thanks.... tat was very simple , i just hav given 20 points :) , i m scolding myself why didnt i think myself :D

Regards,

aejazzz
0
 
Pete LongTechnical ConsultantCommented:
:) ThanQ
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now