Solved

How do I Tracking down two pcs on the LAN???

Posted on 2008-10-27
2
719 Views
Last Modified: 2012-05-05
In this environment there is a Cisco ASA 5510 which sits between the Corporate LAN and WAN.  Within the LAN there is a Nortel Layer 3 switch which handles the internal routing/switching.  I have been trying to track down a couple of pcs for some time and have not had any luck in doing so.  On a daily basis we are receiving the following syslogs (below).  The logs dont concern me all that much considering the events are occurring on the inside interface, however the higher-ups are increasingly getting impatient to track these pc down.


Oct 23 2008 13:33:57: %ASA-1-106021: Deny UDP reverse path check from 169.254.70.48 to 129.6.15.29 on interface inside

Oct 27 2008 09:14:23: %ASA-1-106021: Deny TCP reverse path check from 10.87.7.224 to 207.190.242.134 on interface inside

The first system log is most likely a windows xp pc (169.254.0.0/24) which is trying to synchronize its time with a public time server.  From my research a 169.254.0.0/24 is not routable so this means the pc should be on the same LAN which is connected to the ASA.  I put my laptop on the LAN with a valid IP address and a 169.254.xx.xx and unfortunately have not been able to ping or find the MAC address for 169.254.70.48.  

The second system log is a pc with an an IP that is outside of the local IP addressing scheme.  Its most likely a pc sitting behind a low-end firewall which I cannot ping, tracert, etc.  I am not sure as to how to track this pc down.  


Any guidance on this would be greatly appreciated,

-Jon
0
Comment
Question by:jonske01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 3

Accepted Solution

by:
leonjs earned 375 total points
ID: 22813768
The last time I had this situation I logged into each one of our switches (Cisco) and did a show arp which will show the IP address, mac address and port.
You should be able to do something similar with a nortel switch.
0
 

Author Comment

by:jonske01
ID: 22827320
Thanks, the Nortel Switch does have it's own version of the show arp.  I was hoping there was some like trick I was missing.  Thanks anyway.

-Jon
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question