Educause Security Discussion mailing list archives

Re: IP address conflicts / locating


From: Randy Grimshaw <rgrimsha () SYR EDU>
Date: Fri, 16 Dec 2005 11:04:52 -0500

Using SNMP, you can ask the layer 3 router for the MAC address currently using an IP.
Using a database of your layer 2 switches, you can ask each one (usually in a subnet range) for the port a MAC address has been seen on. It is also useful to ask how many devices are on that port so that you can rank the most likely port as being the one with the fewest total users. You can then lock the port if desired or track the user based on the quality of your data.
<><Randy


<><Randall Grimshaw
Room 203 Machinery Hall
Syracuse University
Syracuse, NY   13244
315-443-5779
rgrimsha () syr edu

kshalla () UIC EDU 12/15/2005 6:54:55 PM >>>
At our school, all our IPs are public and statically 
assigned.  Because we're a large school, and IP management is 
decentralized, we often have IP address conflicts.  Our resolution 
procedure is to call the network group which filters that IP 
address.  Then we wait until the perpetrator calls the network group 
to say that the network isn't working.  Then the perpetrator is told 
to use a different address, and the original computer can have that 
IP address back.  This can work when people are merely making 
mistakes, however we're noticing rogue servers being installed, and 
when they get filtered, they simply move on to another address.

I've asked if we can get a tool which will take as input the IP 
address, and give the switch port where this IP is active, identify 
where this switch is, and further identify to which building and room 
that port connects.  Do other schools have this ability, or am I 
asking for too much?
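
The two-step lookup described in the reply above (router ARP table for IP to MAC, then each switch's forwarding table for MAC to port, ranked by fewest MACs on the port), as an added example that is not part of either message. The walk output, addresses and switch names are constructed; in practice the text would come from `snmpwalk -On` against ipNetToMediaPhysAddress on the router and dot1dTpFdbPort on each switch.

```python
from collections import Counter
ARP = ".1.3.6.1.2.1.4.22.1.2."   # ipNetToMediaPhysAddress.<ifIndex>.<IPv4>
FDB = ".1.3.6.1.2.1.17.4.3.1.2."  # dot1dTpFdbPort.<MAC as six decimal octets>
# Constructed `snmpwalk -On` output; addresses and switch names are invented.
ROUTER_ARP = """\
.1.3.6.1.2.1.4.22.1.2.12.192.0.2.57 = Hex-STRING: 00 11 22 AA BB 01
.1.3.6.1.2.1.4.22.1.2.12.192.0.2.58 = Hex-STRING: 00 11 22 AA BB 02
"""
SWITCH_FDB = {
    "sw-core": """\
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.170.187.1 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.170.187.2 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.170.187.3 = INTEGER: 1
""",
    "sw-edge": """\
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.170.187.1 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.170.187.2 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.170.187.3 = INTEGER: 7
""",
}

def ip_to_mac(arp_walk, ip):
    """Layer 3 step: find the MAC the router currently has for this IP."""
    for line in arp_walk.splitlines():
        oid, _, value = line.partition(" = Hex-STRING: ")
        if oid.startswith(ARP) and oid[len(ARP):].split(".", 1)[-1] == ip:
            return ":".join(value.split()).lower()
    return None

def parse_fdb(fdb_walk):
    """Layer 2 step: {mac: bridge_port} from one switch's forwarding table."""
    table = {}
    for line in fdb_walk.splitlines():
        oid, _, port = line.partition(" = INTEGER: ")
        if oid.startswith(FDB) and port.strip().isdigit():
            octets = oid[len(FDB):].split(".")
            table[":".join(f"{int(o):02x}" for o in octets)] = int(port)
    return table

def locate(ip):
    """Return (mac, [(macs_on_port, switch, port), ...]), fewest MACs first."""
    mac = ip_to_mac(ROUTER_ARP, ip)
    hits = []
    for switch, walk in SWITCH_FDB.items():
        fdb = parse_fdb(walk)
        if mac in fdb:
            per_port = Counter(fdb.values())
            hits.append((per_port[fdb[mac]], switch, fdb[mac]))
    return mac, sorted(hits)
```

The port values are bridge port numbers; mapping them to an interface name goes through dot1dBasePortIfIndex and ifName, and mapping a port to a building and room needs a separately maintained cabling database.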
