Finding all MAC addresses in a Network and finding the vendor

I am currently on a task wherein I have to identify two VoIP phones connected on our LAN and have to configure them to work as part of our 3CX phone network. The starting part of course is to find the MAC addresses of the two IP Phones. So after a few minutes of searching I became aware of Colasoft MAC Scanner a relatively good tool which created a list of all machines on our LAN listing them by their IP address, MAC address and domain name. From the list of machines I saw two machines with identical OUIs (Organization Unique Identifier), aka first 6 hexadecimal numerals of the MAC address. To confirm the finding I searched for the vendor licensed to manufacture with this OUI at

http://standards.ieee.org/develop/regauth/oui/public.html

And voila!! These MAC Addresses were assigned to a VoIP Phone manufacturer!

So the basic premise of the post is if ever you get a MAC Address and you find the need to determine the manufacturer of the device, use the above link. 

Windows Update not happening in 2003 Server ; Error number: 0x8DDD0018

While doing the monthly update on my client's server topology where I have to perform such as Windows Updates, Trend Micro status check and Symantec Backup check, I found that in one of the server running Windows 2003 Server the Windows Update was not happening. The following three error messages were being received.

Error number: 0x8DDD0018
 Automatic Updates, BITS,
and Event Log services must be started



Even though in the services.msc all these services were found to be running Windows Update was not happening. A thorough investigation through Google brought me to this page.

Tech Arena

As per its advice I ran the following command string from Command Prompt,

regsvr32.exe wuaueng.dll


And now the update window dialog started on the Internet Explorer browser and updates were completed.

Another detailed search on the above command string brought me to this link.

Yahoo Answers

Apparently the dynamic link libraries and Active X Controls which enable the Microsoft Windows Update mechanism to run on the Internet Explorer browser had to be restarted. The regsvr32.exe is the program that needs to be run and wuaeng.dll module enables Active X communication from the browser with Microsoft website.

Conficker Worm , Downad Malware

So today after several days of working on it, I finally managed to root out the Conficker Worm from my client's network. The Conficker worm is an easily spreading Malware which on subsequent generations become more and more deadly and dangerous, in fact even leading other Malware and Virus to gain easy entry into the networks.

The biggest evidence of your machine being affected by the Conficker worm is if your Anti Virus client does not get updated even if the the update dialog happens without event. If you monitor the Network Usage Statistics on your Task Manager while you are updating you will see that no network traffic is taking place when the Anti Virus is apparently updating. You can confirm your fears if you are able to visit all websites except websites of Microsoft, AVG, McAfee, Trend Micro, Symantec etc. The Conficker worm prevents web access to these web sites.

While several tools claim to remove this, the best method is to simply do this:

Run > CMD > net stop dnscache

By this flushing of DNS Cache you get a temporary window of opportunity during when you can successfully update your Anti Virus. If your network has a central Web Server, the preliminary updating should happen here as after updating its Anti Virus Client and scanning its directories for the Malware it can trigger updates to all the Computers under its network management.

Then you need to just update the Windows and problem solved.