To troubleshoot a problem I'm having, I fired up Wireshark. I immediately noticed a lot of ARP broadcasts:
10:08:34.231459 arp who-has 172.16.100.103 (Broadcast) tell 172.16.100.103 Wireshark gives me the MAC address of (supposedly) the host blasting this out. But I cannot find that MAC address on my network... I've checked the ARP tables of the switches and hosts in each segment after doing a broadcast ping. Googling turned up a few vague references to "a worm". Any ideas on how to track this down? Maybe a way to figure out which physical port on the switch (Cisco 2970) is responsible? -- *********************************************************************** * John Oliver http://www.john-oliver.net/ * * * *********************************************************************** -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
