Solved

Wireshark

Posted on 2016-09-27
4
73 Views
Last Modified: 2016-10-12
I tried to do port mirrorig and then use Wireshark.
I got this. But i have no clue who 10.0.0.29 is, it isent in my DHCP server. It does this all the time. Non stop reassembled PDU.

Can you help?
Unavngivet.jpg
0
Comment
Question by:Mike Kristensen
  • 2
4 Comments
 
LVL 17

Expert Comment

by:Malmensa
ID: 41819252
I am assuming that 10.0.0.1/24 is your local subnet? If so, try pinging 10.0.0.29, then type arp -g at a DOS prompt on a Windows box. This will spit out the MAC address of the device on 10.0.0.29.
Now, go to the link below, and enter that MAC address. This will give you some information about the manufacturer of the device. (You could also sniff the MAC address with Wireshark of course.)

http://macvendorlookup.com/

It may or may not provide a useful clue.
1
 

Author Comment

by:Mike Kristensen
ID: 41825276
So i tried this and tried to read more up on this..... I cant ping the address. The address is not set by the router.

10.0.0.1/24 is on 1 Ethernet port. 192.168.0.1 is on another.


I will keep recording more, but cant find anything for now.
0
 
LVL 23

Accepted Solution

by:
Dirk Kotte earned 500 total points
ID: 41829295
some network-clients don't answer the ping request, but they have to answer the arp-request.
Ping the device and than check the arp table (windows: arp -a).
Otherwise take your wireshark capture, expand the packet details, take the MAC from here.

Check the MAC with link provided by Malmensa.

the destination address points to box.com. this is a file storage like dropbox or sharefile. possible this helps you to identify the source.
0
 

Author Closing Comment

by:Mike Kristensen
ID: 41839876
Problem just dissapered
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question