IP connection tracking

[MR]

I have a firewall complaining that an address in the
169.254.x.x range is trying to be accessed by our proxy
server. The specific port keeps incrementing throughout
the day. It only occurs during business hours but I can't
seem to associate with an individual workstation coming
online. I'm not aware of Proxy using this address but
port usage of this type could be normal. Is there a way
to have the server log what app or other service is trying
to make that connection? NETSTAT, etc? If it's found to
be proxy then I'll need to figure out why. None of the
proxy logs show this address or show anything being
accessed at these particular moments.

Thanks

 

[Brendon Rogers]

169.254.x.x is the address range used by Automatic Private IP Addressing
(APIPA). W2K and up use this feature: if a PC cannot contact a DHCP server
the client will auto assign itself an address in this IP range. This feature
is not useful in a routed or larger environment and you are better off
disabling this feature on your PC's.

Try running nbtstat -a 169.254.?.? (the actual address) - this should give
you the NetBIOS name of the particular PC.

 

[MR]

I understand that but there doesn't seem to be any nodes
wanting addresses on the network. Proxy could be
responding to a node and assuming it needs to go to the
Inet to get it. Nbtstat won't work as it once again tries
to route it instead of going local. I did try to config a
system in that range and then reach it but could not.