Wireshark

I tried to do port mirrorig and then use Wireshark.
I got this. But i have no clue who 10.0.0.29 is, it isent in my DHCP server. It does this all the time. Non stop reassembled PDU.

Can you help?
Unavngivet.jpg
Mike KristensenIT administratorAsked:
Who is Participating?
 
Dirk KotteConnect With a Mentor SECommented:
some network-clients don't answer the ping request, but they have to answer the arp-request.
Ping the device and than check the arp table (windows: arp -a).
Otherwise take your wireshark capture, expand the packet details, take the MAC from here.

Check the MAC with link provided by Malmensa.

the destination address points to box.com. this is a file storage like dropbox or sharefile. possible this helps you to identify the source.
0
 
Mal OsborneAlpha GeekCommented:
I am assuming that 10.0.0.1/24 is your local subnet? If so, try pinging 10.0.0.29, then type arp -g at a DOS prompt on a Windows box. This will spit out the MAC address of the device on 10.0.0.29.
Now, go to the link below, and enter that MAC address. This will give you some information about the manufacturer of the device. (You could also sniff the MAC address with Wireshark of course.)

http://macvendorlookup.com/

It may or may not provide a useful clue.
1
 
Mike KristensenIT administratorAuthor Commented:
So i tried this and tried to read more up on this..... I cant ping the address. The address is not set by the router.

10.0.0.1/24 is on 1 Ethernet port. 192.168.0.1 is on another.


I will keep recording more, but cant find anything for now.
0
 
Mike KristensenIT administratorAuthor Commented:
Problem just dissapered
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.