Jump to content

Track something down on the network -- HOW?

Team_RGB
By Team_RGB
in Networking
 Share
Posted

Something on my network is performing a port scan every couple of days. Coworker on a Mac with Norton or Symantec running brought it to my attention. Are there any innocuous devices that might be the culprit? How to I find this thing? Wireshark? Sharks with lasers? I'm guessing it's not malicious, but better safe than sorry.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Did the norton/symantec on the mac give the IP address? If so, the next step is to get the MAC address (check the arp table on the mac computer right after the next alert, or check your router’s ARP table and/or DHCP). Then you can start tracing the MAC, assuming you have Smart or Managed switches. If you just have dumb switches then there isn’t any way to check their MAC table. You can also take the MAC and look up the hardware vendor online, but this doesn’t always help identify the device.

 

If you have any type of network security appliance (Fing, some firewalls and routers, etc) then those scans are part of its normal operation. Otherwise, you might have a computer that is infected, or an attacker in your network.

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×