Home page logo

basics logo Security Basics mailing list archives

RE: Identifying a computer
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 3 Dec 2003 13:36:28 -0800

  If you can capture any of the packets with a sniffer, you should
be able to find the source MAC address.  In the usual case, the 
network switch(es) should be able to tell you which switch port
that address originates on.
  Unless the MAC address is being spoofed, the prefix (first three
of the six bytes) will be one assigned to the manufacturer of the
network interface device or NIC.  That can provide a pretty strong 
clue as to what sort of device you're looking for:  PC, Mac, SUN,
LinkSys router, etc.

  If your network isn't switched, this isn't going to help much.
If there's wireless in the network (and if there are lots of users,
one of them might have added an access point without bothering to
tell the sysadmin!), the device might be out in the parking lot.

  If the address isn't leased via DHCP, you might just block it at 
your firewall or border router and see who complains.

David Gillett

-----Original Message-----
From: Cheetah [mailto:cheetahx () online no]
Sent: December 3, 2003 07:38
To: security-basics () securityfocus com
Subject: Identifying a computer


I am helping the sysadmin on my local LAN to manage the network, etc.
We have limited internet-bandwidth, and therefore it is 
necessary to make
sure no-one
is taking to much of the bandwidth, as others will not be 
able to use the
internet connection.

For the last 2 days, a new IP has appeared, and it is 
constantly using a lot
of bandwidth.
We have a linux-server running DHCP, DNS and the 
internet-connection. I have
checked the
dhcpd.leases file, but the IP isn't there. I have also tried 
to ping and
scan this IP, but the computer
is running a strong firewall, shows no open ports and doesn't 
even respond
to pings.

Is there any way I can get some information out of this 
computer without
running around
and asking everyone what their IP is?




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]