Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

rogue ip address and stp traffic

Status
Not open for further replies.
ellsanto

ellsanto

MIS
Jul 17, 2007
32
0
0
US
I have a couple of issues that may or may not be related, so I am posting them together.

1. Using wireshark, I have found that i have several pcs that attempt to locate an IP address that is within my subnet, but not one of my systems. All of my systems are assigned static IPs. Occasionally when I run command arp -a on my PDC, the IP address shows on my list of connected clients. However it is listed as not having a MAC address and the IP type is "invalid" as opposed to "dynamic" like the others.

2. I have noticed an lot (a request every two seconds) of STP traffic across my network. I realize this may be nothing to be concerned about, but the source is a MAC address that I cannot locate on my network. Strange. It is not slowing the network or effecting it negatively, but if anyone can give me some insight into why this has happened, that would be great.

I have a small Server 2000 network with mostly WIN 2000 clients and a few lucky XP users.

ellsanto
-Gillan lives, have you met him?
 
Sort by date Sort by votes
For Point 1
Are these PCs that are trying to get an IP address yours? Are they part of your system? They are just trying to obtain an IP address and because they sit on the same subnet as your own system that is why you are seeing the traffic as the PC's will be broadcasting.

For Point 2
Write down the MAC address and go to enter the MAC address and that will tell you what vendor that device is from. This may help you in finding it.
 
Upvote 0 Downvote
Thanks for the replies. Here is what I found:

1. Quite a while back, a printer was set up with the "rogue" IP address. Turns out the printer was removed from the network, but the profile info was still in the registry. After deleting the key, I haven't seen any requests for that IP.

2. An unmanaged switch was the culprit.

Thanks again everyone for the replies.

ellsanto
-Gillan lives, have you met him?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
180
mangentle
mangentle
pomazip
  • Locked
  • Question
Windows Server 2019 mac address issue
Replies
2
Views
138
pomazip
pomazip
bechna
  • Locked
  • Question
Windows Server and VPN Setup
Replies
1
Views
62
DrB0b
DrB0b
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
39
geneg28
geneg28
DrB0b
  • Locked
  • Question
HyperV Virtual Switch and Physical NIC question
Replies
3
Views
49
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top