Amy Tanner <amy at real-time.com> writes: > On Wed, Sep 12, 2001 at 10:33:41AM -0500, Troy.A Johnson (troy.johnson at health.state.mn.us) wrote: > > Amy, > > > > If you have a linux box you can use DHCP on I think > > it should show up in the logs, but the device might be > > using a 192.168.1.X address. > > > > I would look for a little hardware device that is > > supposed to just route, serve up printers, or be NAS > > and it might be on the list of possible culprits. > > Yes, I realize that's probably what it is - in the past I've found > ISDN routers and such that do this. However, I'm wondering if > there are any tools other than walking around and physically looking > for such a device. Tools that might indicate what the device is? Packet sniffer? Find the traffic where some rogue device is answering the request, and you can get the IP and ethernet address of it. This gets more, um, interesting on a network segmented with switches, of course. And finding the actual device from the IP and/or ethernet address can be challenging still. I think maybe in a *modern* switched network with managed switches and suitable software you can just ask what segment that hardware address is on, but I don't work in that environment so my knowledge is strictly theoretical. -- David Dyer-Bennet / Welcome to the future! / dd-b at dd-b.net Photos: http://dd-b.lighthunters.net/ Book log: http://www.dd-b.net/dd-b/Ouroboros/booknotes/