Ethereal-users: Re: [Ethereal-users] Rookie question
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Linux Hawk <linux_hawk@xxxxxxxxx>
Date: Mon, 13 Jun 2005 17:43:48 -0700 (PDT)
Found it...
Thanks for the help and education...
Thank you, Thank you, Thank you,

--- ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:

> ether src 00:11:22:33:44:55
>
> On 6/14/05, Linux Hawk <linux_hawk@xxxxxxxxx> wrote:
> > As far as the NAS goes, we do have a NAS Server, but I
> > know its mac address and it is not the mac address
> > that is "Doing the Apple thing : ( "
> >
> > Great suggestion though.
> >
> > Is it possible to create a filter to just capture the
> > packets with the particular source mac address?
> >
> > --- ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> >
> > > See if you can capture other types of traffic from
> > > that host, maybe set up a span port and capture all
> > > traffic in/out of the port where the appletalk host is
> > > connected and see if the traffic gives clues on what
> > > box it might be.
> > >
> > > Breen's suggestion that it might be a nas fileserver
> > > makes a lot of sense.
> > > Do you have such devices in your network?
> > >
> > > If the device also talks IP you might find the IP
> > > address of the device by capturing ARP traffic on the
> > > network and checking if you have any ARP broadcasts
> > > coming from that same mac address. The reply-to field
> > > in the arp packet will contain the ip address of the
> > > device.
> > > If you find an ip address you can then point NMAP and
> > > SNMPWALK towards it and see what additional system
> > > information you can extract from the device to acquire
> > > even more data to identify the device.
> > >
> > > On 6/14/05, Linux Hawk <linux_hawk@xxxxxxxxx> wrote:
> > > > I have already started documenting...
> > > > And I am working up the nerve to pull and wait for
> > > > screaming. I have thought of that, but I will wait
> > > > until I finish the gruelling topology lay-out.
> > > >
> > > > Thanks
> > > >
> > > > --- ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> > > >
> > > > > On 6/14/05, Linux Hawk <linux_hawk@xxxxxxxxx> wrote:
> > > > >
> > > > > > My question at this point is why in the main
> > > > > > window of Ethereal why does it give something
> > > > > > like # # # # # . 1 instead of an IP Address?
> > > > >
> > > > > Because it is not an IP packet. It is an AppleTalk
> > > > > packet.
> > > > >
> > > > > > The Source said it is from a Sercom product.
> > > > >
> > > > > sercom appears to be a company selling measurement
> > > > > instruments. Maybe you have such equipment in your
> > > > > network. Maybe for some weird reason these devices
> > > > > implement AppleTalk?
> > > > >
> > > > > > I get 2 different Mac addresses.
> > > > > > I can locate the Source mac address on our
> > > > > > Network Switch.
> > > > > > I found which port it is, but our building is all
> > > > > > mislabeled
> > > > >
> > > > > You should then make documenting your network
> > > > > topology your highest priority.
> > > > > You should ALWAYS have a fully documented topology
> > > > > diagram with detailed and accurate and up to date
> > > > > showing every single wire.
> > > > >
> > > > > If you don't want to follow the cables what you can
> > > > > do and IFF you are ABSOLUTELY sure the device is
> > > > > not vital for running your production network
> > > > > (like being the uplink router):
> > > > > Pull that cable from the switch and wait for
> > > > > someone to start screaming.
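
The ARP check described in the thread above, as an added example (not part of the original messages and not Ethereal code): it takes raw Ethernet frames, keeps IPv4 ARP frames sent from one MAC address, and returns the address found in ARP's sender protocol address field. The function names and sample frames are constructed for illustration; the MAC is the one from the thread's capture filter.

```python
import socket
import struct

ARP_TYPE, VLAN_TYPE = b"\x08\x06", b"\x81\x00"   # EtherType values

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def arp_sender(frame):
    """Return (ether_src, arp_sender_mac, arp_sender_ip) for an Ethernet/IPv4
    ARP frame, or None for anything else (short, non-ARP, other address types)."""
    offset = 18 if frame[12:14] == VLAN_TYPE else 14   # skip one 802.1Q tag
    if len(frame) < offset + 28 or frame[offset - 2:offset] != ARP_TYPE:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[offset:offset + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = frame[offset + 8:offset + 14], frame[offset + 14:offset + 18]
    return mac_str(frame[6:12]), mac_str(sha), socket.inet_ntoa(spa)

def ips_for_mac(frames, mac):
    """IPv4 addresses that frames sent from `mac` announce as ARP sender address."""
    found = set()
    for frame in frames:
        parsed = arp_sender(frame)
        # Ethernet source and ARP sender MAC must both match; 0.0.0.0 is an
        # address probe and says nothing about the configured address.
        if parsed and parsed[0] == parsed[1] == mac.lower() and parsed[2] != "0.0.0.0":
            found.add(parsed[2])
    return sorted(found)

def build_arp(src_mac, src_ip, target_ip, vlan=None):
    """Build a constructed ARP request broadcast (sample input, not a capture)."""
    src = bytes.fromhex(src_mac.replace(":", ""))
    tag = VLAN_TYPE + struct.pack("!H", vlan) if vlan is not None else b""
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + src + socket.inet_aton(src_ip)
           + b"\x00" * 6 + socket.inet_aton(target_ip))
    return b"\xff" * 6 + src + tag + ARP_TYPE + arp

TARGET = "00:11:22:33:44:55"   # the MAC used in the thread's capture filter
SAMPLE = [                      # constructed frames; IPs are documentation addresses
    build_arp(TARGET, "192.0.2.77", "192.0.2.1"),
    build_arp(TARGET, "192.0.2.77", "192.0.2.9", vlan=10),
    build_arp(TARGET, "0.0.0.0", "192.0.2.77"),                 # ARP probe
    build_arp("00:aa:bb:cc:dd:ee", "192.0.2.20", "192.0.2.1"),  # another host
    b"\xff" * 6 + bytes.fromhex("001122334455") + b"\x80\x9b" + b"\x00" * 30,  # non-ARP (AppleTalk EtherType)
]

print(ips_for_mac(SAMPLE, TARGET))
```

Requiring the Ethernet source and the ARP sender hardware address to agree keeps a frame relayed or forged by another station from being attributed to the device being traced.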





