Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

track down the location of a machine advertising a domain or workgroup

Posted on 2008-06-24
6
Medium Priority
?
198 Views
Last Modified: 2010-04-21
Under Microsoft Windows Network I can see a Domain or Workgroup listed that shouldn't be. I can't access it. I would like to track it down. How do I go about finding what machine is advertising this?
0
Comment
Question by:jjc_mn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 4

Accepted Solution

by:
raymondzwarts earned 2000 total points
ID: 21859659
Use a packet capturing tool (like wireshark) to see who is broadcasting as master browser for the specific domain/workgroup. The packets will show up as Windows Browser Protocol and Server Message Block protocol packets.

The Packets will contain the Workgroup/Domain name and the source IP is the PC/Laptop/Server announcing the rougue domain/workgroup.

The broadcast is limited to the layer 2 subnet that the pc is on. But if you are using WINS or likewise systems in Active Directory it might take some more time to find the culprit.

Regards,
Raymond Zwarts
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21859953
You should be able to get some information from a command line. Use DomainABC as an example domain name:
  nbtstat  -a  DomainABC
Should return a NetBIOS name list which should include a few entries such as:
ComputerName  <00>  UNIQUE
DomainABC         <00>   GROUP
It will also include the MAC address

Then ping the computer name:
     ping ComputerName
and it should return the IP address

Just a start. but it may help if you know the computer name ,MAC, and IP
If you do not get a response from the nbtstat command, or ping, it may be that the machine was temporarily connected to the network, and is no longer present. If that is the case the entry should disappear after a day or so.
0
 

Author Comment

by:jjc_mn
ID: 21867270
nbtstat -a DoaminABC doesn't work.  Is the example correct?

I haven't had a change to try wireshark yet.

0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 77

Expert Comment

by:Rob Williams
ID: 21867338
I assume you changed DomainABC to the domain name you are seeing. If it doesn't work it may have a firewall blocking the necessary ports, or possibly more likely it is no longer connected to the network.
0
 

Author Comment

by:jjc_mn
ID: 21867983
I did change the name. I didn't add any slashes, just the name. Does that matter. I am doing this at a workstation, not on a server. There should be no firewall and I do see them in the GUI  Under Microsoft Windows Network.

Can you past an example?
0
 

Author Closing Comment

by:jjc_mn
ID: 31470290
Thanks
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question