Last updated at Thu, 19:24:55 GMT

Why do we need to track MAC addresses?

A media access control address (MAC address) of a device is a unique identifier assigned to a network interface controller (NIC) for communications at the data link layer of a network segment. As they are unique, they are used by network devices such as switches to maintain an inventory of what is connected to which switch port.

The concept of a network inventory has been around for a long time. It is one of the fundamentals of networking. Devices cannot exchange data unless they know who to share it with. However, a lot of this inventory information is hidden behind the scenes, buried in MAC tables on switches and distributed across multiple devices.

Many compliance standards, such as GDPR, now require network managers to maintain a list of what is active on their networks. Either way, it is good practice to maintain a list of what is connected to your network. If you get hit with something like ransomware, you will need to act fast and track down what is connected to your network quickly.

Where can you capture MAC address information?

The easiest way to capture MAC addresses is to monitor network traffic via a SPAN, mirror port, or TAP. This will give you access to network packets, and each packet will contain MAC addresses.

You need to be careful about where you capture this information. If you monitor traffic on the wrong side of a routing device, like a firewall or network router, you may find that all traffic is associated with the firewall/router MAC address. An ideal location for capturing MAC addresses is the network core where traffic from clients and servers converges.

Server logs and flow data are not good data sources when it comes to capturing data for a MAC address tracker. Logs and flow records focus more on IP addresses, which can move from device to device on networks that use DHCP. The image below shows a typical flow record with date, time, IP and port information.

[Image: a typical flow record with date, time, IP and port information]

Common use cases for a MAC address tracker

In the past, MAC address capturing was typically done using packet analysis tools such as Wireshark. While this is useful for troubleshooting isolated issues, it is not very scalable when it comes to tracking all network device activity.

Recently, we heard of someone who had an issue during a very busy and critical time of the day. Switches were reporting “Broadcast storm detected” and had applied filters as a defense mechanism. This resulted in connectivity issues on their network. As they had an inventory of MAC addresses and associated broadcast traffic, they located the rogue network device quickly. In their case, it was a faulty IP phone, and normal network operations resumed after it was shut down.

A use case like the one above shows why it is important to track devices on the network. Other common use cases that we come across include:

- Generating a list of network devices for compliance standards such as GDPR.
- Detecting faulty network equipment that may be responsible for broadcast traffic storms.
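The broadcast storm case above depends on having a MAC inventory with broadcast traffic counted per device. The following is an added example, not code from the original article: it parses a classic pcap capture (as taken from a SPAN port or TAP) into such an inventory and flags devices whose traffic is almost entirely broadcast. The function names, thresholds, and the sample capture with locally administered MAC addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

BROADCAST = b"\xff" * 6

def fmt(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def build_inventory(pcap: bytes) -> dict:
    """Parse a little-endian classic pcap of Ethernet frames into a per-source-MAC inventory."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    inv = defaultdict(lambda: {"frames": 0, "broadcast": 0, "first": None, "last": None})
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 14:                    # truncated: no complete Ethernet header
            continue
        dst, src = frame[0:6], frame[6:12]
        rec = inv[fmt(src)]
        rec["frames"] += 1
        rec["broadcast"] += int(dst == BROADCAST)
        rec["first"] = ts if rec["first"] is None else rec["first"]
        rec["last"] = ts
    return dict(inv)

def storm_suspects(inv: dict, min_frames: int = 5, ratio: float = 0.9) -> list:
    """MACs sending mostly broadcast frames; both thresholds are illustrative assumptions."""
    return sorted(m for m, r in inv.items()
                  if r["broadcast"] >= min_frames and r["broadcast"] / r["frames"] >= ratio)

def sample_pcap() -> bytes:
    """Constructed capture: one device flooding broadcasts, one host behaving normally."""
    def frame(dst, src):
        return dst + src + b"\x08\x06" + b"\x00" * 46    # EtherType ARP, padded to 60 bytes
    phone, pc, srv = (bytes.fromhex(h) for h in ("020000000001", "020000000002", "020000000003"))
    frames = [(100 + i, frame(BROADCAST, phone)) for i in range(20)]
    frames += [(105, frame(BROADCAST, pc)), (106, frame(srv, pc)), (107, frame(srv, pc))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, f in frames:
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    inventory = build_inventory(sample_pcap())
    for mac, rec in inventory.items():
        print(mac, rec)
    print("storm suspects:", storm_suspects(inventory))
```

Only source MACs are recorded, so a capture taken on the wrong side of a router would show the router's MAC as the single source, which is the placement caveat described above.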