"Active Monitor" is a Token Ring term. This means you have Ethereal running
on a Token Ring network. There are a bunch of people who are going to want
your help duplicating that. :-)
The Active Monitor will *never* be a hub or switch. It will *always* be a
workstation or server (a node on the network). It *might* be a router, but
never a switch or hub (in my experience).
That field you see "IBM_78:40:38" is the MAC address in what I jokingly
refer to as "hidden notation". The OUI (Organizational Unit Identifier -
assigned by IEEE) has been replaced with "IBM_". IBM's OUI is 08:00:5A (or
10:00:5A, depending on canonical vs. non-canonical format, which becomes
significant on Token Ring).
To make a long story short, the MAC address of the Active Monitor on your
network is 08:00:5A:78:40:38. All you have to do to find out who that is is
to look in your router's ARP table (or ping everything and look in *your*
ARP table) and match up the addresses. If the AM is using IP, it'll be in
that table.
Doing that "reverse ARP" may not be a trivial task, depending on whether
your network is switched or shared, and whether or not you have access to
the router, and whether or not the router allows SNMP queries using the
"public" community (Try the ipNetToMediaPhysAddress MIB using community
"public". "perldoc SNMP" if you don't know how, or install scotty-2.1.10
and run 'mibtree').
Hope that helps...
--J
> -----Original Message-----
> From: Ralf Sch�nian [mailto:Ralf.Schoenian@xxxxxxxxxxxxxxxxx]
> Sent: Wednesday, May 17, 2000 1:34 AM
> To: ethereal-users@xxxxxxxx
> Subject: [ethereal-users] IBM_78:40:38
>
>
> Hello,
>
> does anyone know some very good introduction to all the
> protocolls and
> information
> I can get from ethereal?
> For example I would like to know who is the active monitor.
> In the field
> destination
> I got the info IBM_78:40:38. This should be a hub or switch
> in our network
> but how
> can I find out which one it is?
>
> Kindest regards, Ralf.
>
