Axiom Home Page Forums General Discussion The Water Cooler OT- Attention Network Admin

I have a strange question. I'm a network administrator myself and would like some feedback.

My question is this: Were can the log files be found or located for net send? Friday we had a joker send out a message to the entire domain that said "eat sh*t f**kers". The PC name was displayed but can't be found. The DHCP logs show the IP and Host name. Active Directory does not have a record of this PC. I'm chasing my tail, because HR wants someone’s head. I’m starting to believe that it’s a lost cause. Any ideas?

Thanks

Tom

...only a guess but I'm thinkin it wouldn't be logged unless you have auditing enabled

?

Do you keep logs of authentication? Where I work we have logs where I can do a search for computer names with the associated user ID. It shows me that a specific ID authenticated to the network via a specific computer (or exchange or whatever). You might be able to find it that way. However, if it was a personal PC (a laptop) just using your network it probably would not show up.
Also, if you don't have this configured it won't be tracked...

jr

Is there any way you can track down the MAC address of the offending computer? If you can get the MAC, the you may be able to track it to a specific network jack in your building.

If you use Cisco switches, and the offending computer is still on the network, then you can track it down to a specific port with the show mac-address-table address xxxx.xxxx.xxxx command. You'd have to run this command on every switch until you found a match.

MACs can be spoofed thou

I doubt that anyone dumb enough to do a broadcast insult over a network is smart enough to spoof a MAC.

do net send messages get saved in the event log?

no wait, i don't think they do... or maybe they do...

damn, i'm out of practice!

True, MACs can be spoofed, but you could still trace the spoofed address to a switch port.