Solved

How can I locate what device is claiming a static IP

Posted on 2008-10-03
24
234 Views
Last Modified: 2012-05-05
I have a device on my network that is claiming a static ip address (probably assigned by some predecessor).  This address can be pinged but DOES NOT show up in the dns list.   How can I find the device?
0
Comment
Question by:gordonmann
  • 13
  • 6
  • 2
  • +2
24 Comments
 
LVL 16

Expert Comment

by:JoWickerman
Comment Utility
Hi gordonmann,

I guess you tried ping -a ipaddress?
0
 
LVL 1

Author Comment

by:gordonmann
Comment Utility
I removed the one address I knew and changed it but I want to know what device is still on that ip.  So ping -a will not help in this instance.

Thanks
0
 
LVL 5

Expert Comment

by:sdschaefer
Comment Utility
You didn't specifiy how large the network is, but if it is not more then 30 - 50 devices here something you can try.  From a workstation (or laptop) that is close or that you can get close to the switch(s), ping the IP address with a trailing /t .  This will keep the ping going until canceled. Pull each of the cables out of the switch until the ping quits replying, then you willl know what port is accociated with the IP and hopefully have a jack map that can then resolve that to a device somewhere.
0
 
LVL 5

Expert Comment

by:sdschaefer
Comment Utility
Oh, one more thing if you don't have a jack map or such to help you figure out where this device is after you get it isolated at the switch another way to find it is to leave it unplugged.  You will hear about if it is anything important.
Always nice to have end users help in IT troubleshooting, even if they don't know they are.  :)
0
 
LVL 1

Author Comment

by:gordonmann
Comment Utility
won't work for a national network of over 3000 devices
0
 
LVL 18

Accepted Solution

by:
Americom earned 250 total points
Comment Utility
You can probably have your switch guy to identify what IP maps with what MAC address that is associated it find out what switch/port to trace the actual physical patch to the box.

Also, not sure if the device is accessible, you can get some idea what it is by telnet, ftp, http, otherwise UNC, RDP etc.. If you have WINS, you can also lookup the database and see if it's there by sorting the IP.

Or if it's a windows machie with NetBIOS running, you can try at the command prompt from your PC, type NBTSTAT -A xxx.xxx.xxx.xxx, where the xxx... is the IP address. This can list the MAC address and Machine Names as well as the domain name it associated with.
0
 
LVL 1

Author Comment

by:gordonmann
Comment Utility
No wins and I already tried rdp, dameware, telenet and ssh and no connection returned but yet I can ping the address
0
 
LVL 1

Author Comment

by:gordonmann
Comment Utility
I have also tried an IP scanner
0
 
LVL 1

Author Comment

by:gordonmann
Comment Utility
And a network scanner
0
 
LVL 1

Author Comment

by:gordonmann
Comment Utility
The only thing that can connect to this device is a web browser but it simply returns a totally blank page.

This is really aggravating.
0
 
LVL 1

Author Comment

by:gordonmann
Comment Utility
This particular machine seems to have had the NIC replaced and when I review the IP info I am warned that the same address exist on another currently unavailable NIC on that machine.  How can I eliminate the redundant OLD NIC?
0
 
LVL 13

Expert Comment

by:Rowley
Comment Utility
You'll need to get the mac address of the host, then get your network team to check the mac address tables on the switches to find out what switch and port its plugged into. You can get its mac by using arp -a immediately after having established a connection.

Cisco kit the command is show mac-address-table.

I believe Americom pointed this out to you earlier. If you've port scanned the host and tried connecting in on all open ports to try and identify it, this is probably the quickest and easiest route, relatively speaking.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:gordonmann
Comment Utility
Here are my test results so far
Can FTP - found user name but can not guess password (based on user name it is either Unix or linux)
can use browser - blank page
can telenet blank login screen

IP Scanner nor network scanner shows anything but open ports and IP.  no MAC or NetBIOS or Host names are found.

Sorry I forgot to say,  I tried the nbtstat -a command earlier and returns "Host not found"
0
 
LVL 18

Expert Comment

by:Americom
Comment Utility
You have a national network over 3000 devices, I'm sure you have a network team. Get them involve and have them find out the physical box by simply give the the IP.
0
 
LVL 13

Assisted Solution

by:Rowley
Rowley earned 250 total points
Comment Utility
if you can establish a tcp connection then you have the mac address. Example:

T:\>arp -a

Interface: 192.168.72.78 --- 0x2
  Internet Address      Physical Address      Type
  192.168.72.1          00-00-0c-07-ac-48     dynamic
  192.168.72.185        00-02-a5-e8-27-e3     dynamic

If you can get to it via http, maybe you could try http://x.x.x.x/server-info or /server-status, if its apache and the admin has configured it to handle those url's you might get some meaningful info. Your best bet is arming yourself with the MAC and speaking to your network admins.
0
 
LVL 1

Author Comment

by:gordonmann
Comment Utility
LOL  I have but our infrastructure team is me and another person who is off today.  Most of those devices are laptops using VPN.  So basically I am on my own.  
0
 
LVL 13

Expert Comment

by:Rowley
Comment Utility
"You have a national network over 3000 devices, I'm sure you have a network team. Get them involve and have them find out the physical box by simply give the the IP."

Totally. You are wasting your own time and your companies money.
0
 
LVL 13

Expert Comment

by:Rowley
Comment Utility
"LOL  I have but our infrastructure team is me and another person who is off today.  Most of those devices are laptops using VPN.  So basically I am on my own. "

So start interrogating your switches already!
0
 
LVL 1

Author Comment

by:gordonmann
Comment Utility
The only connection where I get a prompt is ftp.  All the others are blank with no prompts.
0
 
LVL 1

Author Comment

by:gordonmann
Comment Utility
Thanks to all from my tests and your input I found and killed the rogue system.
0
 
LVL 13

Expert Comment

by:Rowley
Comment Utility
...care to share? How did you locate it?
0
 
LVL 1

Author Comment

by:gordonmann
Comment Utility
Using a Network Scanner (NetworkView) on that IP it gave me an SMTP server name that was the primary AS400 system.  That did not make sense so I searched the change control logs and found that the IP had been used as part of a range for testing the Validation process on a server update and the test range was never used.  I then asked the manager about it who proceeded to turn beet red and removed the range.

0
 
LVL 13

Expert Comment

by:Rowley
Comment Utility
hahah...glad you sorted it.
0
 
LVL 1

Author Closing Comment

by:gordonmann
Comment Utility
thought I did this already
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Suggested Solutions

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now