How to find where rogue IP address is coming from?

I discovered an IP address being used on the network that I did not have any records of. It is a static address within our local private range. The ping is around a 27ms average, which seems a little high. LanSpy gave me the MAC address, which starts with 00:90:10... and the manufacturer is "SIMULATION LABORATORIES, INC.". I then ran a port mapper on all of our switches and that IP address or MAC address does not show up on any of them. How do I find where/what this is?
robw24 Asked:

Dusan_Bajic Commented:
Switches usually keep MAC addresses for 30 seconds and delete them if there is no traffic. Run ping with the -t option and keep it running while you check the switches.
0

Brooklyn_Shogun Commented:
This sounds like it is an issue where a virtual program (something like VMware, for example) is being used. My suggestion is for you to go into your switch and debug the activity coming into or out of it through the ports by sending data to the PC that's using this rogue IP. By pinging the address, for example, that should help you to extract which port the switch is sending the data out of and you should be able to solve your mystery.

I don't think that you didn't try a lot of means so we have to get creative.
0
dkarpekin Commented:
You can disable and then, right after, enable links/ports, see if ping -t x.x.x.x stops, and keep following the path further down, eventually ending up on the port to which the "rogue" is connected, if this makes it simple enough for you.
Disabling/enabling will not affect regular internet users too much, unless there is sensitive traffic that needs to be on all the time.
0
robw24 (Author) Commented:
This worked perfectly. Using the ping -t command kept data flowing and thus I was able to see it mapped to a switch port, which I could not see before because no data was being sent or received. I traced it to a manufacturing machine controller that I connected years back to an NFS share, but forgot to make records of it or set up a DNS A record. Thanks for your help.
0
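
The approach that worked in this thread (keep traffic flowing so the address stays learned, then follow it switch by switch to the edge) can be scripted once the MAC tables have been collected. The Python below is an added example, not code from any poster: it assumes Cisco IOS-style `show mac address-table` text, uses constructed switch names, ports and MAC addresses, and ranks the port with the fewest learned MACs as the likely access port, which is a heuristic.

```python
import re
from collections import Counter

# Constructed sample data in an assumed Cisco IOS-style "show mac address-table"
# layout; switch names, ports and MAC addresses are made up for illustration.
TABLES = {
    "core": """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0200.5e00.0001    DYNAMIC     Gi1/0/1
  10    0200.5e00.0002    DYNAMIC     Gi1/0/1
  10    0200.5e00.0003    DYNAMIC     Gi1/0/2
  10    0200.5e00.00fe    DYNAMIC     Gi1/0/2
""",
    "floor-a": """\
  10    0200.5e00.0001    DYNAMIC     Gi0/1
  10    0200.5e00.0002    DYNAMIC     Gi0/2
  10    0200.5e00.0003    DYNAMIC     Gi0/24
  10    0200.5e00.00fe    DYNAMIC     Gi0/24
""",
    "floor-b": """\
  10    0200.5e00.0001    DYNAMIC     Gi0/24
  10    0200.5e00.0002    DYNAMIC     Gi0/24
  10    0200.5e00.0003    DYNAMIC     Gi0/5
  10    0200.5e00.00fe    DYNAMIC     Gi0/7
""",
}
ROW = re.compile(r"^\s*\d+\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I)

def normalize(mac):
    """Reduce colon, dash or dotted MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def locate(tables, target):
    """Return (macs_on_port, switch, port) sightings, likeliest edge port first."""
    want, sightings = normalize(target), []
    for switch, text in tables.items():
        rows = [m.groups() for m in map(ROW.match, text.splitlines()) if m]
        per_port = Counter(port for _, port in rows)  # many MACs => uplink/trunk
        sightings += [(per_port[p], switch, p) for mac, p in rows if normalize(mac) == want]
    return sorted(sightings)

if __name__ == "__main__":
    hits = locate(TABLES, "02:00:5e:00:00:fe")
    # No hits means the entry aged out: keep a continuous ping running and re-collect.
    print(hits[0] if hits else "MAC not in any table")
```

An empty result reproduces the asker's original symptom: the device was idle, so no switch had its address learned when the tables were read.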