> a) Do you know the correct MACs of all the computers on the network?

Yes, I have a database of MAC addresses.

> b) Are the switches protected against unwanted access?

If you mean physical protection, then yes.

> This is what I would do. Cut every switch off from the network and connect switch 1 first; if that's OK, I turn off 1, turn on 2, and so on. Think about it.

I already wrote that this is exactly what I did - unfortunately I can't identify where the problem is, because it occurs "randomly". I've started to wonder whether the fault might be that this 1 switch is bad, i.e. whether its ARP memory is too small and it starts to choke once too many computers are connected?

> And I have a question: is the network being flooded with packets even now? That is, 24h?

It varies. For the last 2 days the packets were flying non-stop, but last night it suddenly calmed down - I set up arpwatch right away and maybe the logs will help (I'm not sending all of them, because the text file is 30MB - data from 8 hours - I cut out the logs starting from the moment the first MAC change appeared):
Code:
Subject: new station
hostname: <unknown>
ip address: 192.168.0.132
ethernet address: 0:4:61:64:25:4f
ethernet vendor: <unknown>
timestamp: Tuesday, September 25, 2007 8:04:54 +0200
--------------------------------------------------------------------------------
Subject: new station
hostname: <unknown>
ip address: 192.168.0.134
ethernet address: 0:1a:4d:e:55:c4
ethernet vendor: <unknown>
timestamp: Tuesday, September 25, 2007 8:08:23 +0200
--------------------------------------------------------------------------------
Subject: changed ethernet address
hostname: <unknown>
ip address: 192.168.0.2
ethernet address: 0:1a:4d:e:55:c4
ethernet vendor: <unknown>
old ethernet address: 0:e0:4c:19:de:69
old ethernet vendor: <unknown>
timestamp: Tuesday, September 25, 2007 8:08:36 +0200
previous timestamp: Tuesday, September 25, 2007 8:08:33 +0200
delta: 3 seconds
--------------------------------------------------------------------------------
Subject: changed ethernet address
hostname: <unknown>
ip address: 192.168.0.5
ethernet address: 0:1a:4d:e:55:c4
ethernet vendor: <unknown>
old ethernet address: 0:30:4f:3b:46:27
old ethernet vendor: <unknown>
timestamp: Tuesday, September 25, 2007 8:08:36 +0200
previous timestamp: Tuesday, September 25, 2007 8:00:59 +0200
delta: 7 minutes
--------------------------------------------------------------------------------
Subject: changed ethernet address
hostname: <unknown>
ip address: 192.168.0.26
ethernet address: 0:1a:4d:e:55:c4
ethernet vendor: <unknown>
old ethernet address: 0:4:61:ff:7f:ff
old ethernet vendor: <unknown>
timestamp: Tuesday, September 25, 2007 8:08:36 +0200
previous timestamp: Tuesday, September 25, 2007 8:00:33 +0200
delta: 8 minutes
--------------------------------------------------------------------------------
Subject: changed ethernet address
hostname: <unknown>
ip address: 192.168.0.56
ethernet address: 0:1a:4d:e:55:c4
ethernet vendor: <unknown>
old ethernet address: 0:d:61:7a:73:d2
old ethernet vendor: <unknown>
timestamp: Tuesday, September 25, 2007 8:08:36 +0200
previous timestamp: Tuesday, September 25, 2007 8:04:38 +0200
delta: 3 minutes
--------------------------------------------------------------------------------
Subject: changed ethernet address
hostname: <unknown>
ip address: 192.168.0.63
ethernet address: 0:1a:4d:e:55:c4
ethernet vendor: <unknown>
old ethernet address: 0:14:85:a:33:97
old ethernet vendor: <unknown>
timestamp: Tuesday, September 25, 2007 8:08:36 +0200
previous timestamp: Tuesday, September 25, 2007 8:01:37 +0200
delta: 6 minutes
--------------------------------------------------------------------------------
Subject: changed ethernet address
hostname: <unknown>
ip address: 192.168.0.73
ethernet address: 0:1a:4d:e:55:c4
ethernet vendor: <unknown>
old ethernet address: 0:1a:4d:95:ea:3b
old ethernet vendor: <unknown>
timestamp: Tuesday, September 25, 2007 8:08:36 +0200
previous timestamp: Tuesday, September 25, 2007 8:05:34 +0200
delta: 3 minutes
--------------------------------------------------------------------------------
Subject: changed ethernet address
hostname: <unknown>
ip address: 192.168.0.78
ethernet address: 0:1a:4d:e:55:c4
ethernet vendor: <unknown>
old ethernet address: 0:17:9a:63:39:6e
old ethernet vendor: <unknown>
timestamp: Tuesday, September 25, 2007 8:08:36 +0200
previous timestamp: Tuesday, September 25, 2007 8:08:20 +0200
delta: 16 seconds
--------------------------------------------------------------------------------
Subject: flip flop
hostname: <unknown>
ip address: 192.168.0.26
ethernet address: 0:4:61:ff:7f:ff
ethernet vendor: <unknown>
old ethernet address: 0:1a:4d:e:55:c4
old ethernet vendor: <unknown>
timestamp: Tuesday, September 25, 2007 8:08:36 +0200
previous timestamp: Tuesday, September 25, 2007 8:08:36 +0200
delta: 0 seconds
Gateway IP: 192.168.0.2
Gateway MAC: 00:E0:4C:19:DE:69
As for bridging the connection, that will be a small problem, because right now I'm doing this remotely and giving instructions to a person who is on site.
With a managed switch behind the server, could I do something similar?
Do you have any ideas?
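An added example, not part of the original post: with 30MB of arpwatch reports, one way to triage is to group them by MAC and list every MAC that claims several IP addresses or claims the gateway IP without being the known gateway MAC. The function names and the `min_ips` threshold are assumptions of this sketch; the sample input is three reports shortened from the log above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three reports shortened from the log in the post.
SAMPLE = """\
Subject: changed ethernet address
ip address: 192.168.0.2
ethernet address: 0:1a:4d:e:55:c4
old ethernet address: 0:e0:4c:19:de:69
--------
Subject: changed ethernet address
ip address: 192.168.0.5
ethernet address: 0:1a:4d:e:55:c4
old ethernet address: 0:30:4f:3b:46:27
--------
Subject: flip flop
ip address: 192.168.0.26
ethernet address: 0:4:61:ff:7f:ff
old ethernet address: 0:1a:4d:e:55:c4
"""

def norm_mac(mac):
    """Pad arpwatch's short octets: 0:1a:4d:e:55:c4 -> 00:1a:4d:0e:55:c4."""
    return ":".join(o.zfill(2) for o in mac.strip().lower().split(":"))

def parse_reports(text):
    """Split on dashed separator lines and return one dict per report."""
    reports = []
    for chunk in re.split(r"^-{5,}\s*$", text, flags=re.M):
        pairs = (ln.partition(":") for ln in chunk.splitlines())
        f = {k.strip().lower(): v.strip() for k, _, v in pairs if v.strip()}
        if "ip address" in f and "ethernet address" in f:
            reports.append(f)
    return reports

def suspicious_macs(reports, gateway_ip, gateway_mac, min_ips=2):
    """Return {mac: IPs} for MACs seen on several IPs or on the gateway IP."""
    claimed = defaultdict(set)
    for r in reports:
        for key in ("ethernet address", "old ethernet address"):
            if key in r:
                claimed[norm_mac(r[key])].add(r["ip address"])
    gw = norm_mac(gateway_mac)
    return {
        mac: sorted(ips, key=ipaddress.ip_address)
        for mac, ips in claimed.items()
        if len(ips) >= min_ips or (gateway_ip in ips and mac != gw)
    }
```

Any MAC this returns can then be looked up in the switch's forwarding table to find the physical port it sits on.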