Hey everyone, I've got a bit of a tricky situation here. In a manufacturing plant, we had some molten metal leak into the cable ducts, causing a number of switch ports to go offline. Now, I need to get a specific cluster back online, but I have no access to the OPC UA client configuration because the developer isn't available. The OPC UA client PC is supposed to connect to several servers, but with around 100 servers in this VLAN, I'm not sure which ones are relevant. I've got Wireshark installed, and I can see our current network management software with historical MAC and IP address assignments to ports. The client is trying to connect every few seconds, so I'm trying to identify the server ports quickly. I initially thought either Option A or C might be the right approach, but I'm feeling uncertain. Could anyone help clarify if I'm on the right track or if I've missed something?
3 Answers
I think option A is your best bet. By looking for packets with the SYN flag from your client's IP to TCP port 4840, you’ll pinpoint the server connections effectively. Once you have those destination IPs, you can cross-reference with your network management software to identify the switch ports needed for reconnection. Remember, since the client PC is fresh, it won't have any cached information; that's why capturing those SYN packets is crucial.
Why not pull the backup config and put it on a new switch if you have it? That might save a lot of time. If not, just opening everything up could be a solution, but repair needs to be your priority. Don't risk overlooking crucial service ports by trying to reverse engineer the application at this stage.
Yeah, make sure those cables are sorted out first before going on any wild goose chases in the software!
Honestly, I think option C could also work well here. Filtering for ARP requests from the client could show you which servers it's trying to communicate with, especially those that aren't timing out yet. Just make sure to check the historical MAC data to find out which ports those servers are attached to.
That's a solid point! Option C can help gather more info even if the server isn't online right now, while option A focuses more on active connections.
I agree with you! However, keep in mind that if any servers are down, option A might miss them. Option C could actually help confirm IPs if they’re responding before you look at the ports.
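Both filters from the answers above (Option A, SYNs from the client to TCP 4840; Option C, ARP who-has from the client) written out as one offline script, as an added example that is not part of this thread and not the plant's own tooling. It assumes a client address of 192.168.10.20 and the registered OPC UA port 4840; the pcap it reads is constructed inline so the script runs without a real capture, and the equivalent Wireshark display filters are given in the module docstring. The script also reports the difference between the two sets, which is exactly the case raised in the last comment: a server on a dead port never answers ARP, so the client never sends it a SYN and Option A alone would miss it.

```python
"""Added example: offline equivalent of the two Wireshark filters discussed in the answers.
Option A: ip.src==CLIENT && tcp.dstport==4840 && tcp.flags.syn==1 && tcp.flags.ack==0
Option C: arp.opcode==1 && arp.src.proto_ipv4==CLIENT
Input is a classic pcap (Wireshark File > Save As, or `tshark -w`); the sample below is constructed."""
import struct
from collections import Counter

CLIENT_IP = "192.168.10.20"  # assumed client address; the post does not give one
OPCUA_PORT = 4840            # IANA-registered OPC UA TCP port
ETH_IPV4, ETH_ARP, TCP_SYN, TCP_ACK = 0x0800, 0x0806, 0x02, 0x10


def ip_str(b):
    return ".".join(str(x) for x in b)


def read_pcap(data):
    """Yield raw Ethernet frames from classic pcap bytes (pcapng is not handled here)."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if e is None or struct.unpack(e + "I", data[20:24])[0] != 1:
        raise ValueError("need a classic pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(e + "IIII", data[off:off + 16])[2]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len


def decode(frame):
    """Return ('tcp', src, dst, dport, flags), ('arp', opcode, sender_ip, target_ip) or None."""
    if len(frame) < 14:
        return None
    ethertype, body = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if ethertype == ETH_ARP and len(body) >= 28:  # ARP: opcode at 6, sender IP at 14, target IP at 24
        return ("arp", struct.unpack("!H", body[6:8])[0], ip_str(body[14:18]), ip_str(body[24:28]))
    if ethertype == ETH_IPV4 and len(body) >= 20 and body[9] == 6:  # IPv4 with protocol 6 = TCP
        tcp = body[(body[0] & 0x0F) * 4:]
        if len(tcp) >= 14:
            return ("tcp", ip_str(body[12:16]), ip_str(body[16:20]), struct.unpack("!H", tcp[2:4])[0], tcp[13])
    return None


def option_a_syn_targets(frames, client_ip=CLIENT_IP, port=OPCUA_PORT):
    """Servers the client actively tries to reach: SYN without ACK, to port 4840.
    Requiring ACK clear keeps the servers' SYN-ACK replies out of the count."""
    hits = Counter()
    for d in map(decode, frames):
        if d and d[0] == "tcp" and d[1] == client_ip and d[3] == port and d[4] & TCP_SYN and not d[4] & TCP_ACK:
            hits[d[2]] += 1
    return hits


def option_c_arp_targets(frames, client_ip=CLIENT_IP):
    """Every IP the client asks for with ARP who-has, including servers that never answer:
    an unanswered ARP means no SYN is ever sent, so Option A cannot see those servers."""
    hits = Counter()
    for d in map(decode, frames):
        if d and d[0] == "arp" and d[1] == 1 and d[2] == client_ip:
            hits[d[3]] += 1
    return hits


def analyse(pcap_bytes, client_ip=CLIENT_IP):
    frames = list(read_pcap(pcap_bytes))  # materialised so both passes see every frame
    return option_a_syn_targets(frames, client_ip), option_c_arp_targets(frames, client_ip)


# --- constructed sample capture (made up for this example, not a trace from the plant) ---
def _ip(s): return bytes(int(x) for x in s.split("."))
def _eth(dst_mac, ethertype, payload):
    return dst_mac + bytes.fromhex("020000000001") + struct.pack("!H", ethertype) + payload
def _tcp(src, dst, sport, dport, flags):
    seg = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 0, 0x4000, 64, 6, 0, _ip(src), _ip(dst))
    return _eth(bytes.fromhex("020000000002"), ETH_IPV4, hdr + seg)
def _arp_req(sender, target):
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETH_IPV4, 6, 4, 1, bytes.fromhex("020000000001"), _ip(sender), b"\0" * 6, _ip(target))
    return _eth(b"\xff" * 6, ETH_ARP, arp)
def _pcap(frames):
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # LINKTYPE_ETHERNET = 1
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

SAMPLE_PCAP = _pcap([
    _arp_req(CLIENT_IP, "192.168.10.31"),
    _tcp(CLIENT_IP, "192.168.10.31", 50001, 4840, TCP_SYN),
    _tcp("192.168.10.31", CLIENT_IP, 4840, 50001, TCP_SYN | TCP_ACK),  # server's reply: not counted
    _arp_req(CLIENT_IP, "192.168.10.32"),
    _tcp(CLIENT_IP, "192.168.10.32", 50002, 4840, TCP_SYN),
    _arp_req(CLIENT_IP, "192.168.10.33"),  # .33 hangs off a dead port: ARP unanswered, no SYN follows
    _tcp(CLIENT_IP, "192.168.10.50", 50003, 443, TCP_SYN),         # HTTPS, not OPC UA
    _tcp("192.168.10.99", "192.168.10.34", 50004, 4840, TCP_SYN),  # some other OPC UA client
    _arp_req(CLIENT_IP, "192.168.10.31"),  # retry a few seconds later
    _tcp(CLIENT_IP, "192.168.10.31", 50005, 4840, TCP_SYN),
])

if __name__ == "__main__":
    import sys
    syn, arp = analyse(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP)
    print("Option A, SYN to 4840:", dict(syn), "\nOption C, ARP who-has:", dict(arp))
    print("ARP only (not answering):", sorted(set(arp) - set(syn)))
```

Where the capture is taken matters for the two options: the SYNs are unicast, so they are only visible when capturing on the client PC itself or on a mirror/SPAN port, while ARP requests are broadcast and show up from any port in the VLAN. The "ARP only" list is the set to take to the network management software's historical MAC and IP table first, since those are the servers whose ports are currently dead.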