Solved

How do I track down two PCs on the LAN?

Posted on 2008-10-27
Last Modified: 2012-05-05
In this environment there is a Cisco ASA 5510 which sits between the corporate LAN and WAN. Within the LAN there is a Nortel Layer 3 switch which handles the internal routing/switching. I have been trying to track down a couple of PCs for some time and have not had any luck in doing so. On a daily basis we are receiving the following syslogs (below). The logs don't concern me all that much considering the events are occurring on the inside interface; however, the higher-ups are getting increasingly impatient to track these PCs down.


Oct 23 2008 13:33:57: %ASA-1-106021: Deny UDP reverse path check from 169.254.70.48 to 129.6.15.29 on interface inside

Oct 27 2008 09:14:23: %ASA-1-106021: Deny TCP reverse path check from 10.87.7.224 to 207.190.242.134 on interface inside

The first system log is most likely a Windows XP PC (169.254.0.0/24) which is trying to synchronize its time with a public time server. From my research a 169.254.0.0/24 is not routable so this means the PC should be on the same LAN which is connected to the ASA. I put my laptop on the LAN with a valid IP address and a 169.254.xx.xx and unfortunately have not been able to ping or find the MAC address for 169.254.70.48.

The second system log is a PC with an IP that is outside of the local IP addressing scheme. It's most likely a PC sitting behind a low-end firewall which I cannot ping, tracert, etc. I am not sure how to track this PC down.


Any guidance on this would be greatly appreciated,

-Jon
Question by:jonske01

Accepted Solution

by:
leonjs earned 375 total points
ID: 22813768
The last time I had this situation I logged into each one of our switches (Cisco) and did a show arp, which will show the IP address, MAC address and port.
You should be able to do something similar with a Nortel switch.
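An added example, not part of the original answer: one way to apply the show arp approach across several switches is to save each switch's ARP output to text and match it against the source IPs from the ASA 106021 denies. The ARP samples below are constructed and assume the Cisco IOS "show arp" column layout; switch names, MAC addresses and interfaces are made up, and Nortel output would need its own pattern.

```python
import ipaddress
import re
from collections import Counter

# Constructed input: the two syslog lines quoted in the question.
ASA_LOG = """\
Oct 23 2008 13:33:57: %ASA-1-106021: Deny UDP reverse path check from 169.254.70.48 to 129.6.15.29 on interface inside
Oct 27 2008 09:14:23: %ASA-1-106021: Deny TCP reverse path check from 10.87.7.224 to 207.190.242.134 on interface inside
"""

# Constructed input: per-switch ARP output, assumed Cisco IOS "show arp" layout (names and MACs made up).
ARP_DUMPS = {
    "sw-floor2": """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.20.15              4   0011.2233.4455  ARPA   Vlan20
Internet  169.254.70.48           0   00aa.bbcc.dd01  ARPA   Vlan20
""",
    "sw-floor3": """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.30.9              12   0011.2233.6677  ARPA   Vlan30
""",
}

DENY_RE = re.compile(r"%ASA-\d-106021: Deny (\S+) reverse path check from (\S+) to (\S+) on interface (\S+)")
ARP_RE = re.compile(r"^Internet\s+(\S+)\s+\S+\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)", re.M | re.I)

def denied_sources(log_text):
    """Count reverse-path-check denies per source IP."""
    return Counter(m.group(2) for m in DENY_RE.finditer(log_text))

def arp_index(dumps):
    """Map IP -> list of (switch, MAC, interface) across all saved ARP dumps."""
    index = {}
    for switch, text in dumps.items():
        for ip, mac, iface in ARP_RE.findall(text):
            index.setdefault(ip, []).append((switch, mac.lower(), iface))
    return index

def locate(log_text, dumps):
    """Per denied source: hit count, link-local flag, and where ARP saw it (empty if nowhere)."""
    index = arp_index(dumps)
    return {ip: {"hits": hits,
                 "link_local": ipaddress.ip_address(ip).is_link_local,
                 "seen_on": index.get(ip, [])}
            for ip, hits in denied_sources(log_text).items()}

if __name__ == "__main__":
    for ip, info in locate(ASA_LOG, ARP_DUMPS).items():
        print(ip, info)
```

A source with an empty seen_on list had no ARP entry on any device whose output was collected, so the next dump to gather is from a device not yet covered.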

Author Comment

by:jonske01
ID: 22827320
Thanks, the Nortel switch does have its own version of the show arp.  I was hoping there was some little trick I was missing.  Thanks anyway.

-Jon