fuzzyfreak
asked on
How to find physical location of network device
Surely this has been asked before. I have identified some devices on my network, they would be physically plugged in to our network. I need to find out where they are physically located. I use Spiceworks to inventory my network and all those it can identify, it tells me which switch they are connected to - which is great, but some devices cannot be identified, I get a host name and an IP address and from these, I can also get a MAC address (from DHCP server).
I know our switches show mac addresses (Netgear GS724T) but even though I found a MAC address I was trying to identify, it simply showed port l1 - which means nothing to me.
Has anyone got any other ideas?
Thanks
I know our switches show mac addresses (Netgear GS724T) but even though I found a MAC address I was trying to identify, it simply showed port l1 - which means nothing to me.
Has anyone got any other ideas?
Thanks
Wasim Shaikh
One of the dirty way that my colleague used was in a scenario with multiple buildings and multiple switches, login to the managed switch and shutdown the uplink port to those switches which you can't find, the users connected to it will surely call help desk, this way we can't pinpoint but at least we can search in area nearby :-)
ASKER
Ha ha, unfortunately this is not a practical solution.
Right :-)
You can disconnect the device in question from your switch and either trace the wire with a probe or just wait to see who notices. This probably isn't a good idea if you think the device might be important -- but if you think it's a rogue device and have accounted for everything important, it's not a terrible strategy.
One other thought is that you can run a port scan against that IP address and see what ports it is listening on. That will at least tell you what type of device it is. You can also attempt to look up the MAC address on any of a number of sites. Several sites can be found easily with a Google search for "mac address lookup". The IEEE and Wireshark sites would be highly authoritative.
One other thought is that you can run a port scan against that IP address and see what ports it is listening on. That will at least tell you what type of device it is. You can also attempt to look up the MAC address on any of a number of sites. Several sites can be found easily with a Google search for "mac address lookup". The IEEE and Wireshark sites would be highly authoritative.
If its a computer remote into it, and crank up some sounds on it on high volume if it has speakers ;) But that won't help with switches and all that.
You could try running netscan including the oobe.txt file to identify vendors etc of the appliance, which could help in identifying whether it is a dell, apc, Konica, or other brand.
You could than either log into the device via SSH, http, RDP or whatever it supports, and get some more info to assist in identifying it. But physical location is harder with unmanaged switches. Normally on a managed switch I would look at which port the device is connected to on the switch. From there you trace the lead back to the patch rack, and on the patch rack you check which outlet is marked on it. You then walk to the location in your business with that outlet number on it, and that should do it.
You could try running netscan including the oobe.txt file to identify vendors etc of the appliance, which could help in identifying whether it is a dell, apc, Konica, or other brand.
You could than either log into the device via SSH, http, RDP or whatever it supports, and get some more info to assist in identifying it. But physical location is harder with unmanaged switches. Normally on a managed switch I would look at which port the device is connected to on the switch. From there you trace the lead back to the patch rack, and on the patch rack you check which outlet is marked on it. You then walk to the location in your business with that outlet number on it, and that should do it.
ASKER
Greg
Maclean - you cannot remote to a computer without knowing the passwords.
I am sure Spiceworks is telling em everything it knows about these devices.
One in particular is named win8-cit_1- it is a windows machine and we only have one Win8 machine but this is not it - does anyone know if Windows 8 could be broadcasting itself across the network as a media device or something??
You can disconnect the device in question from your switchwhat do you mean?
Maclean - you cannot remote to a computer without knowing the passwords.
I am sure Spiceworks is telling em everything it knows about these devices.
One in particular is named win8-cit_1- it is a windows machine and we only have one Win8 machine but this is not it - does anyone know if Windows 8 could be broadcasting itself across the network as a media device or something??
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi guys, this is all brilliant stuff and Greg's MAC address search idea helped me locate this particular rogue laptop (by chance). It was an Asus machine which we only have one of, so I went to that location and found the rogue laptop sitting behind it. I say rogue, it is a legitimate business use laptop but was purchased without my knowledge, which as the IT Systems Manager, I don't like. I now need to speak with management about the correct process - any tips to load my argument in my favour? - other than a) not being to manage it (which should be enough) and b) it having no AV on it.
ASKER
I was provided some excellent ideas, all of which are very handy for the future and I shall refer back to this regularly.
Hi Fuzzy:
Sure, most companies larger than a couple of dozen employees have an IT policy in place that spells out several things:
- Thou shalt not purchase computer equipment without consulting with End User Computing/IT Management.
- Thou shalt not use computer software that has not been approved by End User Computing/IT Management.
- Thou shalt not connect anything to the corporate networks without gaining the approval of Network/IT Management.
The reasons for these rules are relatively simple:
1. End User Computing/IT can't support every brand of computer out there. If everyone goes and buys their favorite brand on a whim, it costs the company in lost discounts from bulk-ordering from a single preferred vendor and prevents standardization and uniform computer management.
2. Anti-virus is a must in any company.
3. Undocumented hardware can go missing with company data without anyone knowing about it.
4. IT is ultimately responsible for ensuring software licensing and if software is loaded on an untracked/unmanaged laptop -- the company is liable.
I would be profoundly surprised if you get static attempting to enforce those simple rules -- but if you do, there is your ammo. Good luck!
Sure, most companies larger than a couple of dozen employees have an IT policy in place that spells out several things:
- Thou shalt not purchase computer equipment without consulting with End User Computing/IT Management.
- Thou shalt not use computer software that has not been approved by End User Computing/IT Management.
- Thou shalt not connect anything to the corporate networks without gaining the approval of Network/IT Management.
The reasons for these rules are relatively simple:
1. End User Computing/IT can't support every brand of computer out there. If everyone goes and buys their favorite brand on a whim, it costs the company in lost discounts from bulk-ordering from a single preferred vendor and prevents standardization and uniform computer management.
2. Anti-virus is a must in any company.
3. Undocumented hardware can go missing with company data without anyone knowing about it.
4. IT is ultimately responsible for ensuring software licensing and if software is loaded on an untracked/unmanaged laptop -- the company is liable.
I would be profoundly surprised if you get static attempting to enforce those simple rules -- but if you do, there is your ammo. Good luck!