[TriLUG] finding a MAC address
Joseph Mack NA3T
jmack at wm7d.net
Fri Aug 15 11:40:04 EDT 2008
On Fri, 15 Aug 2008, Christopher L Merrill wrote:
> Shawn Taylor wrote:
>> How did you find out there was an issue?
>
> Our VOIP provider blacklisted us as a result of the alleged activity :(
this is a layer 2 problem
o there is no IP as shown by arp -a
o the box is tftp'ing, presumably trying to get a kernel to
boot from. What boxes have gone down (crashed) lately and
are trying to reboot over ethernet? Do you have a deranged
wap or other embedded box?
layer 3 tools aren't going to do it. There are 2 different
arping programs. The one based on iproute2 is a layer 3
ping. The one by Habets
http://www.habets.pp.se/synscan/programs.php?prog=arping
has a layer 2 ping. If the device responds (apparently it
doesn't have to), you can then start pulling ethernet cables
till you find the offending box.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
More information about the TriLUG
mailing list