RE: Identifying a computer

["Batkin, Seva" <Seva_Batkin () canaccord com>]

Go to ther router
Find out PC's MAC address via arp cache
Go to the switch(s)
Find out what port the MAC address is on (via CAM table)
Trace cable

:)

Seva


-----Original Message-----
From: Cheetah [mailto:cheetahx () online no] 
Sent: December 3, 2003 7:38 AM
To: security-basics () securityfocus com
Subject: Identifying a computer

Hello.

I am helping the sysadmin on my local LAN to manage the network, etc.
We have limited internet-bandwidth, and therefore it is necessary to make
sure no-one is taking to much of the bandwidth, as others will not be able
to use the internet connection.

For the last 2 days, a new IP has appeared, and it is constantly using a lot
of bandwidth.
We have a linux-server running DHCP, DNS and the internet-connection. I have
checked the dhcpd.leases file, but the IP isn't there. I have also tried to
ping and scan this IP, but the computer is running a strong firewall, shows
no open ports and doesn't even respond to pings.

Is there any way I can get some information out of this computer without
running around and asking everyone what their IP is?

Tore



---------------------------------------------------------------------------
----------------------------------------------------------------------------


"Canaccord Capital Corporation <canaccord.com>" made the following
 annotations on 12/03/2003 04:01:19 PM
------------------------------------------------------------------------------
This message may contain confidential or privileged material. Any use of this information by anyone other than the 
intended recipient is prohibited.  If you have received this message in error, please immediately reply to the sender 
and delete this information from your computer. Thank you.
==============================================================================


---------------------------------------------------------------------------
----------------------------------------------------------------------------