gordonmann

How can I locate what device is claiming a static IP

I have a device on my network that is claiming a static IP address (probably assigned by some predecessor). This address can be pinged but DOES NOT show up in the DNS list. How can I find the device?
JoWickerman

Hi gordonmann,

I guess you tried ping -a ipaddress?
ASKER

I removed the one address I knew and changed it, but I want to know what device is still on that IP. So ping -a will not help in this instance.

Thanks
sdschaefer

You didn't specify how large the network is, but if it is not more than 30 - 50 devices, here's something you can try. From a workstation (or laptop) that is close, or that you can get close, to the switch(es), ping the IP address with a trailing /t. This will keep the ping going until canceled. Pull each of the cables out of the switch until the ping quits replying; then you will know what port is associated with the IP and hopefully have a jack map that can then resolve that to a device somewhere.
Oh, one more thing: if you don't have a jack map or such to help you figure out where this device is after you get it isolated at the switch, another way to find it is to leave it unplugged. You will hear about it if it is anything important.
Always nice to have end users help in IT troubleshooting, even if they don't know they are.  :)
Won't work for a national network of over 3000 devices.
ASKER CERTIFIED SOLUTION
Americom
No WINS, and I already tried RDP, DameWare, telnet and SSH and no connection returned, but yet I can ping the address.
I have also tried an IP scanner
And a network scanner
The only thing that can connect to this device is a web browser but it simply returns a totally blank page.

This is really aggravating.
This particular machine seems to have had the NIC replaced, and when I review the IP info I am warned that the same address exists on another currently unavailable NIC on that machine. How can I eliminate the redundant OLD NIC?
You'll need to get the MAC address of the host, then get your network team to check the MAC address tables on the switches to find out what switch and port it's plugged into. You can get its MAC by using arp -a immediately after having established a connection.

On Cisco kit the command is show mac-address-table.

I believe Americom pointed this out to you earlier. If you've port scanned the host and tried connecting in on all open ports to try and identify it, this is probably the quickest and easiest route, relatively speaking.
Here are my test results so far:
Can FTP - found user name but cannot guess password (based on user name it is either Unix or Linux)
Can use browser - blank page
Can telnet - blank login screen

Neither the IP scanner nor the network scanner shows anything but open ports and IP. No MAC, NetBIOS or host names are found.

Sorry, I forgot to say, I tried the nbtstat -a command earlier and it returns "Host not found".
You have a national network of over 3000 devices, I'm sure you have a network team. Get them involved and have them find the physical box by simply giving them the IP.
LOL, I have, but our infrastructure team is me and another person who is off today. Most of those devices are laptops using VPN. So basically I am on my own.
"You have a national network of over 3000 devices, I'm sure you have a network team. Get them involved and have them find the physical box by simply giving them the IP."

Totally. You are wasting your own time and your company's money.
"LOL, I have, but our infrastructure team is me and another person who is off today. Most of those devices are laptops using VPN. So basically I am on my own."

So start interrogating your switches already!
The only connection where I get a prompt is FTP. All the others are blank with no prompts.
Thanks to all. From my tests and your input I found and killed the rogue system.
...care to share? How did you locate it?
Using a network scanner (NetworkView) on that IP, it gave me an SMTP server name that was the primary AS400 system. That did not make sense, so I searched the change control logs and found that the IP had been used as part of a range for testing the validation process on a server update and the test range was never used. I then asked the manager about it, who proceeded to turn beet red and removed the range.

hahah...glad you sorted it.
thought I did this already