Re: How to find a changing IP on ethernet network

["Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA" <lists () infostruct net>]

 Ivan,

This is an interesting situation. Here are a few possible ways to 
address it:

1. Send an e-mail to the user community explaining the problem and 
asking them to leave their IP address configurations alone.

2. In case you don't know, as the new system boots it announces its IP 
address to the network. If another system already has that IP address, 
it will reply and the new system will shut down the interface running 
the duplicate IP.

a. From the new system, run the arp command (arp -a).

C:\> arp -a

Interface: 192.168.2.100 --- 0x20002
 Internet Address      Physical Address      Type
 192.168.2.1           00-06-25-c0-93-65     dynamic

This will list the IP address and associated MAC (hardware) address 
(e.g. 00-06-25-c0-93-65).

b. Now all you need to do is find out which system has that MAC address:

C:\> ipconfig /all (output abbreviated)

       Physical Address. . . . . . . . . : 00-06-25-c0-93-65

3. You could also use tcpdump or windump (http://windump.polito.it) to 
sniff the network traffic for that specific IP and view the resulting 
dump file with Ethereal (http://www.ethereal.com). This is a bit 
advanced for the average user.

If you have any additional questions, please do not hesitate to contact me.

Kind regards,

Gideon

Gideon T. Rasmussen
CISSP, CISM, CFSO, SCSA
Boca Raton, FL
gideon () infostruct net

National Security Awareness Day - September 10, 2004 - Are you aware?

Subject: How to find a changing IP on ethernet network
From: Ivan Andres Hernandez Puga <ivan.hernandez () globalsis com ar>
Date: Fri, 20 Feb 2004 11:54:29 -0300
To: security-basics () securityfocus com

Hello. I have a client with a simple Ethernet network with HUB's 
connecting and there is one person that is changing it's IP and creating 
conflicts. What would you do to track down that person? i mean, to find 
who does that?

Thanks!

Ivan Hernandez




---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.securityfocus.com/sponsor/Astaro_security-basics_040219
----------------------------------------------------------------------------