Ethereal-users: Subject: Re: [Ethereal-users] finding machine that send broadcasts
Another way to determine this is if you have manageable switches, such as cisco, you can look at numerous counters on the switch to determine which port the broadcasts are coming from.
For the Cisco CatOS series switches, do a "clear counters" then "sho mac". This will clear out ALL of the counters on the switch, and sho mac will show you which ports are trx the broadcasts. "sho top bcst" will also show you the top broadcasters on that switch, however this command is a little more process intensive, so if you are experiencing a broadcast storm, this command may be too much for the switch.
Message: 5
Date: Tue, 10 Dec 2002 11:03:16 -0800
From: Guy Harris <guy@xxxxxxxxxx>
To: "S. Ancelot" <sancelot@xxxxxxx>
Cc: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] finding machine that send broadcasts
On Tue, Dec 10, 2002 at 04:42:21PM +0100, S. Ancelot wrote:
> I would like to use ethereal to find which machine sends broadcasts on
> my network,
> how to do that with ethereal ?
Well, one way to do that might be to do a capture with Ethereal using
the capture filter "broadcast"; when you stop the capture, it should
show you all the broadcast packets on the network.
You'd then have to look at the link-layer and network-layer addresses in
those packets to see what machines are sending the broadcasts;
translating those addresses to actual pieces of hardware may be harder,
and there's not much Ethereal can do about that (at most, it can try to
look up the link-layer addresses and tell you the names for those
addresses, or the probable vendors of the machines or their networking
cards, and try to look up the network-layer addresses and tell you the
names for those addresses).