Wired Networks Thread: Identify a network device (in Technical)
  1. #16

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,759
    Thank Post
    3,269
    Thanked 1,052 Times in 973 Posts
    Rep Power
    365
    Quote Originally Posted by mikeyd101 View Post
    How about something like Wireshark on a machine upstream, filtered by the IP address. You might be able to find out what / if any traffic is being generated.
    @mikeyd101 - not done this before, any chance of some brief step-by-step instructions on how you would do this on or in Wireshark?

    Ta

  2. #17

    Join Date
    Jan 2013
    Posts
    98
    Thank Post
    23
    Thanked 11 Times in 10 Posts
    Rep Power
    5
    It's been a while since I've done any packet filtering stuff. Get Wireshark installed and running; I think it's a fairly self-explanatory installer. Start it up and hit capture and go (I think this will capture everything, and it's a good test to make sure you're actually capturing something). Then there is a filter box in which I believe you can use an option like:

    ip.addr==X.X.X.X

    to filter only traffic in/out bound to that address. Again, it's worth checking this first using a known IP that you can generate traffic on (e.g. your own laptop, and web browse to somewhere). I'm not sure how IP broadcast / listening works over routers, so you might have to do some more digging. I'll try and find a Wireshark quickstart.

    Shows the basics of using Wireshark:
    https://www.youtube.com/watch?v=NHLTa29iovU

    Also, some network cards work better than others with Wireshark; I think it's to do with whether they can work in promiscuous mode.

    Good luck, hope you find the device.
    Last edited by mikeyd101; 18th June 2013 at 05:34 PM.

  3. Thanks to mikeyd101 from:

    mac_shinobi (18th June 2013)
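
As an added example (not part of the thread or any poster's code): a Python script that reproduces what the `ip.addr==X.X.X.X` display filter selects, and then lists the source MAC addresses of the frames the target IP sent, which is the detail that identifies the device. The capture is built inline; the 192.0.2.x addresses, the 02:... MACs and the function names are constructed placeholders.

```python
import socket
import struct

def ipv4_frame(src_mac, dst_mac, src_ip, dst_ip):
    """Constructed Ethernet + bare IPv4 header (no payload, checksum 0)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip

def build_pcap(frames):
    """Classic little-endian pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def macs_for_ip(pcap, target_ip):
    """Return (frames matching ip.addr==target_ip, {source MAC: frames sent as target_ip})."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    target, matched, macs, off = socket.inet_aton(target_ip), 0, {}, 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Only untagged IPv4 (EtherType 0x0800); ARP, IPv6 and VLAN-tagged frames are skipped.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src_ip, dst_ip = frame[26:30], frame[30:34]  # fixed offsets in the IPv4 header
        if target not in (src_ip, dst_ip):
            continue
        matched += 1
        if src_ip == target:  # the source MAC is only meaningful on frames the target sent
            mac = ":".join(f"{b:02x}" for b in frame[6:12])
            macs[mac] = macs.get(mac, 0) + 1
    return matched, macs

# Constructed sample capture: addresses and MACs are placeholders, not real devices.
SAMPLE = build_pcap([
    ipv4_frame("02:00:00:00:00:10", "02:00:00:00:00:50", "192.0.2.10", "192.0.2.50"),
    ipv4_frame("02:00:00:00:00:50", "02:00:00:00:00:10", "192.0.2.50", "192.0.2.10"),
    ipv4_frame("02:00:00:00:00:50", "02:00:00:00:00:10", "192.0.2.50", "192.0.2.10"),
    ipv4_frame("02:00:00:00:00:20", "02:00:00:00:00:10", "192.0.2.20", "192.0.2.10"),
    b"\xff" * 6 + bytes.fromhex("020000000050") + b"\x08\x06" + b"\x00" * 28,  # ARP, ignored
])

if __name__ == "__main__":
    print(macs_for_ip(SAMPLE, "192.0.2.50"))
```

If the capture point is on the far side of a router from the device, the source MAC on those frames is the router's interface, so the MAC only identifies the device when captured on its own segment.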

  4. #18
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    329
    Thank Post
    5
    Thanked 34 Times in 29 Posts
    Rep Power
    23
    Hello,

    You will want to set up port mirroring on the port you want to monitor. Switches only send traffic to the port it is destined for, unless it is a broadcast. Port mirroring will send a copy of the traffic to the port you specify. This will allow Wireshark to capture it.

    Regards,

  5. #19
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    671
    Thank Post
    41
    Thanked 17 Times in 16 Posts
    Rep Power
    22
    After using the switch port mapper that I mentioned above I have found the device. It's one of our servers; however, that's only half of it: although it has its own IP and MAC address, it seems to have a phantom IP and MAC address. Has anyone had an issue like this before? I have proved it by doing a ping -t to the IP address and removing the network cable, but the adapter definitely has its proper IP and MAC and a phantom set?????


    On another note, I have found a graphing tool to go with Wireshark that is being talked about: WildPackets Network Forensics Utility "Compass". It can be downloaded here: Compass Free - CNET Download.com

    Last edited by edie209; 19th June 2013 at 01:11 PM.

  6. #20


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,638
    Thank Post
    275
    Thanked 778 Times in 605 Posts
    Rep Power
    223
    Quote Originally Posted by edie209 View Post
    After using the switch port mapper that I mentioned above I have found the device. It's one of our servers; however, that's only half of it: although it has its own IP and MAC address, it seems to have a phantom IP and MAC address. Has anyone had an issue like this before?
    Off the top of my head - onboard management sharing the network interface.

  7. #21

    Join Date
    Jan 2013
    Posts
    98
    Thank Post
    23
    Thanked 11 Times in 10 Posts
    Rep Power
    5
    Is there a VM running on the machine that could have its own IP and MAC?

  8. #22
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,478
    Thank Post
    515
    Thanked 287 Times in 263 Posts
    Rep Power
    81
    Is it not iLO?

    I know some of our IBMs have "Phantom IPs"; this is for connecting to them remotely via console. It's so you can interact with the BIOS and see it reboot etc.

  9. #23

    Join Date
    Feb 2013
    Posts
    119
    Thank Post
    46
    Thanked 8 Times in 7 Posts
    Rep Power
    5
    It's not the connection to a UPS, is it?
