Security Basics mailing list archives
RE: Identifying a computer
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 3 Dec 2003 13:36:28 -0800
If you can capture any of the packets with a sniffer, you should be able to find the source MAC address. In the usual case, the network switch(es) should be able to tell you which switch port that address originates on. Unless the MAC address is being spoofed, the prefix (first three of the six bytes) will be one assigned to the manufacturer of the network interface device or NIC. That can provide a pretty strong clue as to what sort of device you're looking for: PC, Mac, SUN, LinkSys router, etc. If your network isn't switched, this isn't going to help much. If there's wireless in the network (and if there are lots of users, one of them might have added an access point without bothering to tell the sysadmin!), the device might be out in the parking lot. If the address isn't leased via DHCP, you might just block it at your firewall or border router and see who complains. David Gillett
-----Original Message----- From: Cheetah [mailto:cheetahx () online no] Sent: December 3, 2003 07:38 To: security-basics () securityfocus com Subject: Identifying a computer Hello. I am helping the sysadmin on my local LAN to manage the network, etc. We have limited internet-bandwidth, and therefore it is necessary to make sure no-one is taking to much of the bandwidth, as others will not be able to use the internet connection. For the last 2 days, a new IP has appeared, and it is constantly using a lot of bandwidth. We have a linux-server running DHCP, DNS and the internet-connection. I have checked the dhcpd.leases file, but the IP isn't there. I have also tried to ping and scan this IP, but the computer is running a strong firewall, shows no open ports and doesn't even respond to pings. Is there any way I can get some information out of this computer without running around and asking everyone what their IP is? Tore -------------------------------------------------------------- ------------- -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Epithet Steve . Kirby (Dec 02)
- Re: Epithet Alexander Lukyanenko (Dec 02)
- Identifying a computer Cheetah (Dec 03)
- Re: Identifying a computer Bryan Allen (Dec 03)
- RE: Identifying a computer Optrics Engineering - Shaun Sturby, MCSE (Dec 03)
- Re: Identifying a computer Ranjeet Shetye (Dec 03)
- Re: Identifying a computer ~Kevin DavisĀ³ (Dec 04)
- Re: Identifying a computer Ranjeet Shetye (Dec 05)
- Identifying a computer Cheetah (Dec 03)
- RE: Identifying a computer David Gillett (Dec 03)
- Re: Identifying a computer Tim Willard (Dec 03)
- RE: Identifying a computer Jason Balicki (Dec 04)
- Re: Identifying a computer Meritt James (Dec 05)
- Re: Epithet Alexander Lukyanenko (Dec 02)
- RE: Identifying a computer Duston Sickler (Dec 04)
- Re: Identifying a computer Andy Cuff [Talisker] (Dec 04)
- Re: Identifying a computer David Glosser (Dec 19)
- Re: Identifying a computer Peter Wohlers (Dec 19)
- <Possible follow-ups>
- Re: Epithet SMiller (Dec 02)
- Re: Epithet Jimi Thompson (Dec 08)
- Re: Epithet Meritt James (Dec 08)
- Re: Epithet Jimi Thompson (Dec 08)