Solved

How can I locate what device is claiming a static IP

Posted on 2008-10-03
24
235 Views
Last Modified: 2012-05-05
I have a device on my network that is claiming a static ip address (probably assigned by some predecessor).  This address can be pinged but DOES NOT show up in the dns list.   How can I find the device?
0
Comment
Question by:gordonmann
  • 13
  • 6
  • 2
  • +2
24 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22633254
Hi gordonmann,

I guess you tried ping -a ipaddress?
0
 
LVL 1

Author Comment

by:gordonmann
ID: 22633336
I removed the one address I knew and changed it but I want to know what device is still on that ip.  So ping -a will not help in this instance.

Thanks
0
 
LVL 5

Expert Comment

by:sdschaefer
ID: 22633358
You didn't specifiy how large the network is, but if it is not more then 30 - 50 devices here something you can try.  From a workstation (or laptop) that is close or that you can get close to the switch(s), ping the IP address with a trailing /t .  This will keep the ping going until canceled. Pull each of the cables out of the switch until the ping quits replying, then you willl know what port is accociated with the IP and hopefully have a jack map that can then resolve that to a device somewhere.
0
 
LVL 5

Expert Comment

by:sdschaefer
ID: 22633388
Oh, one more thing if you don't have a jack map or such to help you figure out where this device is after you get it isolated at the switch another way to find it is to leave it unplugged.  You will hear about if it is anything important.
Always nice to have end users help in IT troubleshooting, even if they don't know they are.  :)
0
 
LVL 1

Author Comment

by:gordonmann
ID: 22633433
won't work for a national network of over 3000 devices
0
 
LVL 18

Accepted Solution

by:
Americom earned 250 total points
ID: 22633485
You can probably have your switch guy to identify what IP maps with what MAC address that is associated it find out what switch/port to trace the actual physical patch to the box.

Also, not sure if the device is accessible, you can get some idea what it is by telnet, ftp, http, otherwise UNC, RDP etc.. If you have WINS, you can also lookup the database and see if it's there by sorting the IP.

Or if it's a windows machie with NetBIOS running, you can try at the command prompt from your PC, type NBTSTAT -A xxx.xxx.xxx.xxx, where the xxx... is the IP address. This can list the MAC address and Machine Names as well as the domain name it associated with.
0
 
LVL 1

Author Comment

by:gordonmann
ID: 22633611
No wins and I already tried rdp, dameware, telenet and ssh and no connection returned but yet I can ping the address
0
 
LVL 1

Author Comment

by:gordonmann
ID: 22633632
I have also tried an IP scanner
0
 
LVL 1

Author Comment

by:gordonmann
ID: 22633738
And a network scanner
0
 
LVL 1

Author Comment

by:gordonmann
ID: 22633773
The only thing that can connect to this device is a web browser but it simply returns a totally blank page.

This is really aggravating.
0
 
LVL 1

Author Comment

by:gordonmann
ID: 22633837
This particular machine seems to have had the NIC replaced and when I review the IP info I am warned that the same address exist on another currently unavailable NIC on that machine.  How can I eliminate the redundant OLD NIC?
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22633959
You'll need to get the mac address of the host, then get your network team to check the mac address tables on the switches to find out what switch and port its plugged into. You can get its mac by using arp -a immediately after having established a connection.

Cisco kit the command is show mac-address-table.

I believe Americom pointed this out to you earlier. If you've port scanned the host and tried connecting in on all open ports to try and identify it, this is probably the quickest and easiest route, relatively speaking.
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 1

Author Comment

by:gordonmann
ID: 22634178
Here are my test results so far
Can FTP - found user name but can not guess password (based on user name it is either Unix or linux)
can use browser - blank page
can telenet blank login screen

IP Scanner nor network scanner shows anything but open ports and IP.  no MAC or NetBIOS or Host names are found.

Sorry I forgot to say,  I tried the nbtstat -a command earlier and returns "Host not found"
0
 
LVL 18

Expert Comment

by:Americom
ID: 22634267
You have a national network over 3000 devices, I'm sure you have a network team. Get them involve and have them find out the physical box by simply give the the IP.
0
 
LVL 13

Assisted Solution

by:Rowley
Rowley earned 250 total points
ID: 22634312
if you can establish a tcp connection then you have the mac address. Example:

T:\>arp -a

Interface: 192.168.72.78 --- 0x2
  Internet Address      Physical Address      Type
  192.168.72.1          00-00-0c-07-ac-48     dynamic
  192.168.72.185        00-02-a5-e8-27-e3     dynamic

If you can get to it via http, maybe you could try http://x.x.x.x/server-info or /server-status, if its apache and the admin has configured it to handle those url's you might get some meaningful info. Your best bet is arming yourself with the MAC and speaking to your network admins.
0
 
LVL 1

Author Comment

by:gordonmann
ID: 22634318
LOL  I have but our infrastructure team is me and another person who is off today.  Most of those devices are laptops using VPN.  So basically I am on my own.  
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22634326
"You have a national network over 3000 devices, I'm sure you have a network team. Get them involve and have them find out the physical box by simply give the the IP."

Totally. You are wasting your own time and your companies money.
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22634339
"LOL  I have but our infrastructure team is me and another person who is off today.  Most of those devices are laptops using VPN.  So basically I am on my own. "

So start interrogating your switches already!
0
 
LVL 1

Author Comment

by:gordonmann
ID: 22634349
The only connection where I get a prompt is ftp.  All the others are blank with no prompts.
0
 
LVL 1

Author Comment

by:gordonmann
ID: 22634545
Thanks to all from my tests and your input I found and killed the rogue system.
0
 
LVL 13

Expert Comment

by:Rowley
ID: 22636863
...care to share? How did you locate it?
0
 
LVL 1

Author Comment

by:gordonmann
ID: 22637181
Using a Network Scanner (NetworkView) on that IP it gave me an SMTP server name that was the primary AS400 system.  That did not make sense so I searched the change control logs and found that the IP had been used as part of a range for testing the Validation process on a server update and the test range was never used.  I then asked the manager about it who proceeded to turn beet red and removed the range.

0
 
LVL 13

Expert Comment

by:Rowley
ID: 22638147
hahah...glad you sorted it.
0
 
LVL 1

Author Closing Comment

by:gordonmann
ID: 31502728
thought I did this already
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now