Solved

Finding the Physical location of an IP host on a LAN

Posted on 2006-11-28
9
219 Views
Last Modified: 2012-05-05
I have been running through the computers listed in the AD and have come across one that I do not receognize. Lets say it is called PC1, if I ping it I get an ip 192.168.0.1. I can activate the "manage computer" but cannot access any fo the snap ins such as event viewer even though I'm logged on as Administrator. How do I find where this machine is and how do I gain control of it? I don't want to disable the account in case it is doing something useful.
0
Comment
Question by:Bartley1969
  • 2
  • 2
  • 2
  • +3
9 Comments
 
LVL 7

Expert Comment

by:killbrad
Comment Utility
http://www.microsoft.com/technet/sysinternals/utilities/psloggedon.mspx

That should give you an idea of who is using it...

http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx

This should let you run stuff on it (assuming its a part of the network and you have the correct administrator
0
 
LVL 12

Expert Comment

by:Freya28
Comment Utility
unc to it \\192.168.0.1\c$  and see whose profiles are on the machine
0
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 200 total points
Comment Utility
If you're all on the same subnet, then on your machine, if you do 'arp -g' you could see the mac address of this computer.

Then go to the switch and see which port this mac address belongs to. From there it should be easy enough I guess.

Cheers,
Rajesh
0
 
LVL 17

Accepted Solution

by:
jburgaard earned 300 total points
Comment Utility
'How do I find where this machine is'

Do you have managed sw's?
If so you can do something like
show MAC xx:xx:xx:xx:xx:xx
a command like this will show the port, where the PC is connected or a link to a switch, where the PC is connected.
( to find the next sw. use something like: show CDP nei  or show LLDP info remote )

In order to get MAC-addr of PC1
ping PC1
arp -a
and look for line with PC1 (this will be MAC-adr of PC1 or device connecting to PC1)
If you run DHCP you could see an entry here as well.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:Bartley1969
Comment Utility
Rajesh and jburgaard thanks for your tack, definitely makes sense to get the MAC and then from the switch get the port and then trace cable physically to patch or elsewhere from there.
Now I have a question:
I have some 10 switches across the LAN (same subnet), some switches are CISCO's and rest are a mix a other brands.
Is there software/commands out there that I can install on the netowrk that will identify all the switches and then inventory the MAC's for each port on each switch?
0
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 200 total points
Comment Utility
Sure, take the free editon from ;

http://manageengine.adventnet.com/products/oputils/index.html


Cheers,
Rajesh
0
 
LVL 16

Expert Comment

by:btassure
Comment Utility
Incidentally 192.168.0.1 is the standard address for a router on the 192.168.0.x network. If you cant access anything on it then it might be the router...
0
 
LVL 7

Expert Comment

by:killbrad
Comment Utility
BTW: btassure is right
0
 

Author Comment

by:Bartley1969
Comment Utility
Rajesh,
many thanks for that. It has the port mapper util that I'm looking for.
BTassure and Killbrad thanks for your inputs, but I needed more indepth solutioning, i.e., there are MANY switches on the network, there are subnets too etc. I want the capability of finding rogue IP's across the LAN/WAN etc.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now