I have Cisco routers and switches everywhere.
I am currently seeing in my firewall logs, due to default routing, ICMP traffic to and from US military IP addresses. I have used Ethereal and tracked both source IPs as coming from one of my Cisco routers, which connects many remote locations.
I have telnetted into each of these remote locations and run SHOW ARP and SHOW IP CACHE, and see no reference to the rogue IPs.
In the old days, I'd take over these remote machines and packet sniff on the hubs. But I am in a switched network and there are too many remote locations. I do have SNMP enabled on almost all my PCs, switches, and routers. How do I track these IP addresses down to a remote network / port?