Detecting unused ports on a network

Discussion in 'Networks' started by UCHEEKYMONKEY, Feb 19, 2008.

  1. UCHEEKYMONKEY
    Thanks Harry I am going to google SNMP right now!!

    Harry - does your expertise cover Virtual LAN??:blink
     
    Certifications: Comptia A+
    WIP: Comptia N+
  2. Sparky
    Hmm, it’s a difficult task. If you do get this done then you will need to document each port change when it is done. Documentation is only useful when it is up to date. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  3. UCHEEKYMONKEY
    No worries mate:thumbleft at least you had a go.

    I think it was SGUK who said "The only dumb question is the one not asked" on post 105808
     
  4. UCHEEKYMONKEY
    Thanks for the advice mate, if I can't get SNMP or NetMRI to work I will give that a go! :biggrin
     
  5. Sparky
    This might help....

    http://www.neon.com/LSwin.shtml

     
  6. UCHEEKYMONKEY
    Yes and no, the problem is ..and I blame HR for this.. is that people leave or move offices. IT should be informed when they leave. They should fill in an exit form when they leave but they don't, therefore the PC and port stay live and connected to the network. The other problem we have is users move the computers without the knowledge of the IT Dept.

    The best one I have come across is a user leaving and returning to work after a 6 month break, either on maternity leave or just leaving altogether, and then 1 year later getting their old job back and expecting their AD account to be live and all their emails and files stored by IT Dept. :p :biggrin It really cracks me up that IT are expected to keep people's files after they have left because one day they just might come back. :rolleyes:
     
  7. UCHEEKYMONKEY
    Thanks BM and thanks for the link:thumbleft
     
  9. Sparky
    I had a similar issue a few years back. To get around it when a user left the company I would disable the account, hide it from the GAL and dump it in an OU called former employees or something like that. That was logged under ‘user exit 1’

    After 6 months the account was put through ‘user exit 2’, basically the mailbox was exported to .pst and it was dumped on a NAS box with the user profile.

    There is always someone waaaaaaaaay down the line that needs access to emails from a user who has left the company. Not sure why though. :biggrin
     
  10. Sparky
    First impressions look good, I haven’t priced it though so you might want to download a trial and see if it could be a worthwhile purchase.
     
  11. UCHEEKYMONKEY
    That's something I come across every day - the pst file, mainly old archive emails that users insist on keeping. We have a limit of 500 emails in the inbox on each AD profile; after that the user has to archive to local disk or delete them, but they never do :(
     
  12. Sparky
    That ain't much, think I have around 4,000 emails in my inbox just now without including sub folders. Are you guys still on Exchange 2k?
     
  13. zebulebu
    UCM

    Currently sat in our data centre bored out of my skull running SmartStart on a server, so thought I'd chime back in :biggrin

    Looks like you've got a NAC box sitting on your network (Mirage, or a Cisco box or maybe even (whisper it quietly) my favourite - Sourcefire!) What most of these boxes do is quite cunning - basically it amounts to ARP spoofing or 'tarpitting'. They claim all the available 'spare' addresses in a configured range then sit there on a mirror port listening to the traffic across the network. Any device that tries to communicate outside a set boundary of permissible activity (ping sweeping would DEFINITELY fall into this category) is designated as a rogue device and remedial action is taken. This is usually in the form of tricking the machine into thinking that the NAC box is actually its default gateway - very ingenious.

    It is basically a hack - ARP spoofing the DG is an old trick used by hackers to grep traffic from all the communicating hosts on a network segment (I've done it myself on occasion using Ettercap or Cain & Abel) but there is a way round it. You need to speak to the security admin and tell him what you're doing, and why you need to do it. If he's worth his salt then chances are he will already have the information you're looking for anyway! I know the first thing I always do starting anywhere new is get the network diagrams up to scratch - it may well be that you just have to ask him nicely and he'll give you all the info you need - or, at the very least, create a temporary exception for your workstation on the NAC box (usually under a setting called 'never deceive' or 'do not deceive') which will allow you to ping sweep during a specific window.

    HTH
     
    Certifications: A few
    WIP: None - f*** 'em
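
Added example, not part of the post above and not any NAC vendor's code: a minimal model of the detection side of the tarpit idea zebulebu describes, where the unused addresses in a range are claimed and a source that touches too many of them in a short time is marked rogue unless it is on the 'never deceive' list. The threshold, window, function names and the 192.0.2.0/27 sample traffic are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

def spare_addresses(cidr, live_hosts):
    """Addresses in the range with no known host: the ones a NAC box would claim."""
    return {str(h) for h in ipaddress.ip_network(cidr).hosts()} - set(live_hosts)

def find_rogues(events, spare, never_deceive=(), threshold=5, window=10.0):
    """Flag sources touching `threshold` distinct spare addresses within `window` s.

    events: (timestamp, src_ip, dst_ip) tuples in time order, as seen on a mirror port.
    threshold/window are assumed values, not taken from any product.
    Returns {src_ip: timestamp at which the threshold was crossed}.
    """
    recent = defaultdict(deque)  # src -> (ts, dst) hits on spare addresses
    rogues = {}
    for ts, src, dst in events:
        if dst not in spare or src in never_deceive or src in rogues:
            continue
        hits = recent[src]
        hits.append((ts, dst))
        while ts - hits[0][0] > window:  # drop hits older than the window
            hits.popleft()
        if len({d for _, d in hits}) >= threshold:
            rogues[src] = ts
    return rogues

# Constructed sample data (documentation address range, not from the thread).
LIVE = ["192.0.2.1", "192.0.2.10", "192.0.2.20", "192.0.2.30"]
SPARE = spare_addresses("192.0.2.0/27", LIVE)

def sample_events():
    events = []
    for i in range(1, 13):  # .20 ping sweeps .1-.12, one probe every 0.5 s
        events.append((i * 0.5, "192.0.2.20", f"192.0.2.{i}"))
    for i in range(1, 13):  # .30 (an admin workstation) runs the same sweep later
        events.append((20 + i * 0.5, "192.0.2.30", f"192.0.2.{i}"))
    # .10 talks to its gateway and hits one spare address by mistake
    events += [(40.0, "192.0.2.10", "192.0.2.1"), (41.0, "192.0.2.10", "192.0.2.7")]
    return sorted(events)

if __name__ == "__main__":
    print(find_rogues(sample_events(), SPARE))
    print(find_rogues(sample_events(), SPARE, never_deceive={"192.0.2.30"}))
```

Probes to live hosts (.1 and .10 here) do not count, so an ordinary workstation that only talks to real machines never approaches the threshold, while the exception list is what lets an authorised sweep through.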
  14. Tinus1959

    Ahh, yes, I see your problem. In that case sandblasting would be a solution... I mean those who alter the network without informing the IT team.

    ... Surely you have backups. Couldn't you just restore the situation from a year back? That way at least one person would be happy :biggrin
    Seriously, the only problem you really have is discipline. No network tool is going to help you with that. Lots of luck with that and in the meantime, good luck with the network.
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
