Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Wireshark

Posted on 2016-09-27
4
Medium Priority
?
121 Views
Last Modified: 2016-10-12
I tried to do port mirrorig and then use Wireshark.
I got this. But i have no clue who 10.0.0.29 is, it isent in my DHCP server. It does this all the time. Non stop reassembled PDU.

Can you help?
Unavngivet.jpg
0
Comment
Question by:Mike Kristensen
  • 2
4 Comments
 
LVL 20

Expert Comment

by:Mal Osborne
ID: 41819252
I am assuming that 10.0.0.1/24 is your local subnet? If so, try pinging 10.0.0.29, then type arp -g at a DOS prompt on a Windows box. This will spit out the MAC address of the device on 10.0.0.29.
Now, go to the link below, and enter that MAC address. This will give you some information about the manufacturer of the device. (You could also sniff the MAC address with Wireshark of course.)

http://macvendorlookup.com/

It may or may not provide a useful clue.
1
 

Author Comment

by:Mike Kristensen
ID: 41825276
So i tried this and tried to read more up on this..... I cant ping the address. The address is not set by the router.

10.0.0.1/24 is on 1 Ethernet port. 192.168.0.1 is on another.


I will keep recording more, but cant find anything for now.
0
 
LVL 24

Accepted Solution

by:
Dirk Kotte earned 2000 total points
ID: 41829295
some network-clients don't answer the ping request, but they have to answer the arp-request.
Ping the device and than check the arp table (windows: arp -a).
Otherwise take your wireshark capture, expand the packet details, take the MAC from here.

Check the MAC with link provided by Malmensa.

the destination address points to box.com. this is a file storage like dropbox or sharefile. possible this helps you to identify the source.
0
 

Author Closing Comment

by:Mike Kristensen
ID: 41839876
Problem just dissapered
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

575 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question