Solved

Un-authorized local IP addresses showing on the network

Posted on 2006-06-29
19
593 Views
Last Modified: 2017-02-28
When I do an IPSCAN on our network in the office, there's a bunch of alive ip addresses in the network.  How can I figure which computers or devices these are.  I would like to kick them out of their connection for now while trying to figure this out.  What is a better way to deal with this issue.  Has someone able crack our network?  Please advice.
0
Comment
Question by:r_yague
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +6
19 Comments
 
LVL 4

Accepted Solution

by:
gbirkemeier earned 74 total points
ID: 17013149
Use tracert or nslookup to determine the netbios name. This may help to identify the source of the IP.
Remember printers, print servers, some switches, and other network aware hardware can be using IP addresses.
0
 
LVL 13

Assisted Solution

by:prashsax
prashsax earned 71 total points
ID: 17013206
Use this from command prompt

nbtstat -A IP_ADDRESS.

This will tell you the computer name. Look for entry for number 20.
0
 
LVL 10

Assisted Solution

by:fm250
fm250 earned 71 total points
ID: 17013301
you can use an eval version of solarwind to do that for you. it has the ip scan tool that gives you details about every ip. you can scan a range of ips or subnet. you can use other free tools to do that for you as well.
here is the link: http://support.solarwinds.net/Help/IP-Network-Browser/Overview.htm
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 16

Assisted Solution

by:The--Captain
The--Captain earned 71 total points
ID: 17013446
http://www.gfi.com/languard/ - one of my clients really likes it.

Of course, the ARP command should reveal if you're dealing with a single host or many (arp spoofs notwithstanding)

Cheers,
-Jon
0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 17015713
use command prompt --

ipconfig /all

That should show you all IPs on the network.

Also go into the router or switch at the root IP address (192.168.0.1 ???) and check STATUS -- it will show all computers connected, their IP addresses, and their MAC addresses correlated to name, and that will give you a complete display.  Print it out, for reference, the IP numbers dont often change.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 17016093
>use command prompt --
>
>ipconfig /all

scrathcyboy, you forgot to mention that you have to run this command on *every* machine on the network, which may not be feasible...

>Also go into the router or switch at the root IP address (192.168.0.1 ???) and check STATUS -- it will show
>all computers connected, their IP addresses, and their MAC addresses correlated to name,
>and that will give you a complete display

Ridiculous.  This will work a very small fraction of the time, but not most.  Neither my own router or managed switch conform to your advice...  How can you even suggest that this will work in most cases?

I could comment more on what appears to be your habit of just firing off wildly inaccurate advice, but this is not the place.

Cheers,
-Jon
0
 
LVL 27

Assisted Solution

by:pseudocyber
pseudocyber earned 71 total points
ID: 17016920
r_vague, what kind of gear are you running?  If you have manageable equipment, you might be able to look in your forwarding tables and ARP tables to pinpoint there those IP's are physically connected and then shutdown their port and wait for the phone to ring.
0
 

Author Comment

by:r_yague
ID: 17017689
I just remembered that we installed VOIP telephone units.  Do you think these unknown IPs are the telephone adapters that came with each phone?  If so, how can I check which adapter belongs to which IP address.  
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 17017704
>> If so, how can I check which adapter belongs to which IP address.  

As we have said, you would check your ARP and Forwarding Tables.  Then, the MAC should be on the bottom of the phone - on a label or something.
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17017847
Yes, these new IP can be assigned to these VOIP phones.

You can goto to DHCP management console. Note down the MAC address from the lease list.

Then you can match these MAC address with the VOIP phones to be sure of it.
0
 

Author Comment

by:r_yague
ID: 17018262
DHCP is provided by the router/firewall and not the server.  So I checked the router DHCP and they were the VOIP phones (I checked the MAC addresses of the phone adapters). But there are still about 12 more (IP's and corresponding MAC addresses) that I am not sure what they are.  Now I want to know if there's a way to find out what kind of devices specific MAC addresses are, like they all start with 00:11:11......and so on.
0
 

Author Comment

by:r_yague
ID: 17018266
Correction,  the mac addresses all start with 00:11.....and so on.
0
 
LVL 10

Expert Comment

by:fm250
ID: 17019051
from the router firewall, issue the command: sh arp
and see the matching ip to mac
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 71 total points
ID: 17022721
The MAC addresses do not denote their use. Some manufacturers bought blocks of MAC addresses for future use which is why 3COM, for example, all used to have the same first 6 bytes for example as did Intel.
0
 
LVL 18

Assisted Solution

by:carl_legere
carl_legere earned 71 total points
ID: 17025022
ping IP
then do
arp -a

or use www.angryziber.com/ipscan
add MAC address in options
0
 
LVL 18

Expert Comment

by:carl_legere
ID: 17025027
Your deployment of VOIP phones or IP phones isn't quite kosher if they are grabbing DHCP from your regular network.  Usually they are vlan'd off on another network, this other subnet has strict QOS assignments on the network/routers
0
 
LVL 13

Expert Comment

by:prashsax
ID: 17025503
Just one more way to be sure.

Assign one of these IP address to another machine.(Static IP).

Then it would prompt you an IP conflict. It will also prompt on the other end that an IP conflict has occured.

User will report to you and you can easily find the device.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question