
ip address


it1968

MIS
May 6, 2005
When I run Sniffer Pro on my network I get IPX traffic. But we don't use IPX.
Is there any easy way to locate the source so I can disable the protocol?
If I can find the IP address, that will be helpful.
 
Here is what I do.
1. Capture the MAC address of the IPX node(s).
2. Then set up a capture of the MAC address(es).
3. Sooner or later the node should speak IP and you can capture the IP address & name of the device.
4. Then I run nbtstat -a 10.x.x.x to learn the Windows name (this may already be in your capture).

Also, once you know the MAC address you can check the ARP table on the device's default gateway.

On Cisco switches, you display the MAC address table (sometimes called CAM on other devices). If the device is active or recently active, its MAC address will be in the CAM table. This matches the MAC address with a switch port.

The command in IOS is "show mac-address-table"
I like to do this command
sh mac- | inc xxxx
where xxxx are the last four characters of the MAC address.
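Steps 1 to 3 above, written out as an added example that is not part of the original thread: it recognises IPX in its four Ethernet encapsulations, records the source MAC, and pairs it with any IPv4 address the same MAC announces in ARP. The function names and the sample frames (MACs and IPs) are constructed for illustration.

```python
import struct
from collections import defaultdict

def ipx_encapsulation(frame: bytes):
    """Name the IPX encapsulation of an Ethernet frame, or None if it is not IPX."""
    if len(frame) < 22:
        return None
    (type_len,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if type_len == 0x8137:
        return "Ethernet II"
    if type_len > 1500:                     # some other EtherType
        return None
    if payload[:2] == b"\xff\xff":          # IPX header directly after the length
        return "802.3 raw"
    if payload[:2] == b"\xe0\xe0":          # LLC DSAP/SSAP assigned to NetWare
        return "802.2 LLC"
    if payload[:3] == b"\xaa\xaa\x03" and payload[6:8] == b"\x81\x37":
        return "802.2 SNAP"
    return None

def arp_sender_ip(frame: bytes):
    """Sender IPv4 of an ARP frame whose sender MAC equals the Ethernet source MAC."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06" or frame[22:28] != frame[6:12]:
        return None
    ip = ".".join(str(b) for b in frame[28:32])
    return None if ip == "0.0.0.0" else ip  # ARP probes carry no address yet

def correlate(frames):
    """Map each MAC seen sending IPX to its encapsulations and the IPs it used in ARP."""
    encaps, ips = defaultdict(set), defaultdict(set)
    for f in frames:
        src = f[6:12].hex(":")
        kind = ipx_encapsulation(f)
        if kind:
            encaps[src].add(kind)
        elif (ip := arp_sender_ip(f)):
            ips[src].add(ip)
    return {m: {"ipx": sorted(e), "ip": sorted(ips[m])} for m, e in encaps.items()}

# Constructed sample frames; the MACs and IPs are made up for this example.
def eth(src, type_len, payload):
    return b"\xff" * 6 + bytes.fromhex(src) + struct.pack("!H", type_len) + payload

def arp(src, ip):
    spa = bytes(map(int, ip.split(".")))
    return eth(src, 0x0806, bytes.fromhex("0001080006040001" + src) + spa + bytes(10))

SAMPLE = [eth("02000000000a", 30, b"\xff\xff" + bytes(28)), arp("02000000000a", "10.0.0.23"),
          eth("02000000000b", 0x8137, b"\xff\xff" + bytes(28)), arp("02000000000c", "10.0.0.40")]
```

A MAC that comes back with an empty `ip` list sent IPX but no ARP during the capture, so it still has to be traced by switch port.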
 
Thank you, that was very helpful. I was able to narrow it down to an interface on one of my switches. But still no IP address. I am wondering if there is a command or a tool to do a reverse lookup, MAC to IP.
 
I presume a capture of the offending MAC address was fruitless or not possible. When I know the MAC address, I also run this Cisco command on the device's default router.
sh arp | inc xxxx (where x is last 4 of the MAC address).

Also, do a ping sweep of the VLAN to which the switchport belongs to see if you "wake up" the suspect node.

 
It could be that someone has a rogue device on your network and is not running IP; highly unlikely. What type of IPX traffic is it?

Now that you know the port, you should disable the port. When the user can no longer gain access, they will call you. Make sure it is not an uplink to another switch. Sooner or later the user will come to you. The other way is effective also.

Just a thought.

I know what I know and that's all I know. What I don't know I'll find out.
 
What I often do to quickly check the IP of a MAC or IPX the lazy way is to use the Sniffer Matrix Tool with Sniffer.
Switching between the IP, MAC and IPX tabs.
 
Do you have any JET-direct boxes? They are nice plug and play, but also broadcast out IPX (at least older versions do, not sure about the latest version). Also printers with a built-in NW card, sometimes IPX needs to be disabled as it is enabled by default.

Robert Wullems
Network Specialist
SCP/SCE/SCM/CNX/MCP/MCSA/Network+/CNA
***************************************
If you can Sniff it, you can solve it!
***************************************
 