Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Wireshark

Posted on 2016-09-27
4
Medium Priority
?
109 Views
Last Modified: 2016-10-12
I tried to do port mirrorig and then use Wireshark.
I got this. But i have no clue who 10.0.0.29 is, it isent in my DHCP server. It does this all the time. Non stop reassembled PDU.

Can you help?
Unavngivet.jpg
0
Comment
Question by:Mike Kristensen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 19

Expert Comment

by:Mal Osborne
ID: 41819252
I am assuming that 10.0.0.1/24 is your local subnet? If so, try pinging 10.0.0.29, then type arp -g at a DOS prompt on a Windows box. This will spit out the MAC address of the device on 10.0.0.29.
Now, go to the link below, and enter that MAC address. This will give you some information about the manufacturer of the device. (You could also sniff the MAC address with Wireshark of course.)

http://macvendorlookup.com/

It may or may not provide a useful clue.
1
 

Author Comment

by:Mike Kristensen
ID: 41825276
So i tried this and tried to read more up on this..... I cant ping the address. The address is not set by the router.

10.0.0.1/24 is on 1 Ethernet port. 192.168.0.1 is on another.


I will keep recording more, but cant find anything for now.
0
 
LVL 24

Accepted Solution

by:
Dirk Kotte earned 2000 total points
ID: 41829295
some network-clients don't answer the ping request, but they have to answer the arp-request.
Ping the device and than check the arp table (windows: arp -a).
Otherwise take your wireshark capture, expand the packet details, take the MAC from here.

Check the MAC with link provided by Malmensa.

the destination address points to box.com. this is a file storage like dropbox or sharefile. possible this helps you to identify the source.
0
 

Author Closing Comment

by:Mike Kristensen
ID: 41839876
Problem just dissapered
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Make the most of your online learning experience.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question