Can you take a survey of all of the machines and their NICs? Something like 'psexec @c:\computers.txt ipconfig /all > out.txt'
Kurt On Tue, Jul 27, 2010 at 07:29, Fergal O'Connell <[email protected]> wrote: > > I can only see that mac on a wire shark trace – > > I cant find that mac on the managed switches – > > I exported an the arp table from all our managed switches and it’s not there. > > > > What does this mean: “MAC - 00:0f:1f:30:26:e3 is assigned to WW PCBA Test”? > MAC - 00:0f:1f:30:26:e3 is the MAC and WW PCBA Test appears to be the > manufacturer. > > Is that the box on your LAN experiencing the issue that you performed the > sniff on? I performed a wire shark trace on a VM that is connected to our > Core switch. > > Or are you suggesting that you see that MAC on the wire, and see that host > name associated with it, but don’t know where that host is? The Mac is not > associated with an IP address as it does not show up either in DHCP or the IP > arp table on the switches. > > > > > > From: Joseph L. Casale [mailto:[email protected]] > Sent: 27 July 2010 15:14 > To: NT System Admin Issues > Subject: RE: Possible Rogue device on the network > > > > You don’t have managed switches, you cant follow the mac from trunk to trunk > etc until you get to the ingress port? > > > > From: Fergal O'Connell [mailto:[email protected]] > Sent: Tuesday, July 27, 2010 8:06 AM > To: NT System Admin Issues > Subject: RE: Possible Rogue device on the network > > > > Still can’t seem to find a way to track this device though… > > I just can’t seem to find where this Mac is originating from. > > > > From: Richard Stovall [mailto:[email protected]] > Sent: 27 July 2010 12:45 > To: NT System Admin Issues > Subject: Re: Possible Rogue device on the network > > > > These guys seem to think that MAC address is from a Dell device. > > > > http://hwaddress.com/mac/000F1F-000000.html > > > > > > On Tue, Jul 27, 2010 at 5:53 AM, Terry Dickson <[email protected]> > wrote: > > I do not have notes on this, but if I remember correctly I have seen > something like this once in the past. The MAC is from a Wireless Connector > so look for a laptop(probably) that is connected with Wired connection but > still has wireless turned on. > > ________________________________ > > From: Fergal O'Connell [[email protected]] > Sent: Tuesday, July 27, 2010 4:34 AM > To: NT System Admin Issues > Subject: Possible Rogue device on the network > > HI Folks, > > > > We are having a sporadic network issue on our LAN which I am currently > trouble shooting – > > I ran a wire shark capture on one of the hosts that is affected and I want to > know what the following is > > I can’t find that Mac address on our network. > > I checked the DHCP and I checked the arp table on all our switches and > routers. > > MAC - 00:0f:1f:30:26:e3 is assigned to WW PCBA Test > > What I want to is find this device and turn off STP. > > > > Any idea’s? > > > > > > > > > > Regards > > Fergal O'Connell > > ICT Support > > > > > > > > > > > > > > > > > > > > The information in this email is confidential and may be legally privileged. > > > > > > > > > > It is intended solely for the addressee. Access to this email by anyone else > > > > > > > > > > is unauthorized. If you are not the intended recipient, any disclosure, > > > > > > > > > > copying, distribution or any action taken or omitted to be taken in reliance > > > > > > > > > > on it, is prohibited and may be unlawful. If you are not the intended > > > > > > > > > > addressee please contact the sender and dispose of this e-mail. Thank you. > > > > > > > > > > > > > > > > > > > > > > The information in this email is confidential and may be legally privileged. > > > > It is intended solely for the addressee. Access to this email by anyone else > > > > is unauthorized. If you are not the intended recipient, any disclosure, > > > > copying, distribution or any action taken or omitted to be taken in reliance > > > > on it, is prohibited and may be unlawful. If you are not the intended > > > > addressee please contact the sender and dispose of this e-mail. Thank you. > > > > > > > > > > The information in this email is confidential and may be legally privileged. > It is intended solely for the addressee. Access to this email by anyone else > is unauthorized. If you are not the intended recipient, any disclosure, > copying, distribution or any action taken or omitted to be taken in reliance > on it, is prohibited and may be unlawful. If you are not the intended > addressee please contact the sender and dispose of this e-mail. Thank you. > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
