  • Status: Solved
  • Priority: Medium
  • Security: Public

How to find where rogue IP address is coming from?

I discovered an IP address being used on the network that I did not have any records of. It is a static address within our local private range. The ping is around a 27ms average, which seems a little high. LanSpy gave me the MAC address, which starts with 00:90:10... and the manufacturer is "SIMULATION LABORATORIES, INC.". I then ran a port mapper on all of our switches and that IP address or MAC address does not show up on any of them. How do I find where/what this is?
Asked by: robw24
1 Solution
 
Dusan_Bajic Commented:
Switches usually keep MAC addresses for 30 seconds and delete them if there is no traffic. Run ping with the -t option and keep it running while you check the switches.
 
Brooklyn_Shogun Commented:
This sounds like it is an issue where a virtual program (something like VMware, for example) is being used. My suggestion is for you to go into your switch and debug the activity coming into or out of it through the ports by sending data to the PC that's using this rogue IP. Pinging the address, for example, should help you to extract which port the switch is sending the data out of, and you should be able to solve your mystery.

I don't think that you didn't try a lot of means so we have to get creative.
 
dkarpekin Commented:
You can disable and then, right after, enable links/ports, see if ping -t x.x.x.x will stop, and keep following the path further down, eventually ending up on the port to which the "rogue" is connected... if this will make it simple enough for you.
Disable/enable will not affect regular internet users too much, unless there is sensitive traffic that needs to be on all the time.
 
robw24 Author Commented:
This worked perfectly. Using the ping -t command kept data flowing and thus I was able to see it mapped to a switch port, which I could not see before because no data was being sent or received. I traced it to a manufacturing machine controller that I connected years back to an NFS share, but forgot to make records of it or set up a DNS A record. Thanks for your help.
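As an added example that is not part of the original thread: once `ping -t` is keeping the entry alive, the MAC address tables dumped from each switch can be compared to separate uplink ports from the port the device is actually plugged into. The table layout (Cisco IOS style), the switch names and the MAC addresses below are assumptions constructed for illustration.

```python
import re
from collections import Counter

def normalize_mac(mac):
    """Reduce colon, dash or dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

# Assumed row layout (Cisco IOS style): VLAN, MAC, entry type, port.
ROW = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f.:-]{12,17})\s+(\w+)\s+(\S+)\s*$")

def parse_mac_table(text):
    """Return (mac, port) pairs from one switch's dump, skipping headers."""
    rows = (ROW.match(line) for line in text.splitlines())
    return [(normalize_mac(m.group(2)), m.group(4)) for m in rows if m]

def locate(tables, target):
    """Rank (switch, port, macs_on_port) hits, likeliest edge port first.

    Uplinks carry many learned MACs; the port the device is plugged into
    normally carries only its own, so sort by MACs learned per port.
    """
    target = normalize_mac(target)
    hits = []
    for switch, text in tables.items():
        pairs = parse_mac_table(text)
        per_port = Counter(port for _, port in pairs)
        hits += [(switch, port, per_port[port])
                 for mac, port in pairs if mac == target]
    return sorted(hits, key=lambda hit: hit[2])

# Constructed sample dumps; the MAC 02:00:00:00:00:01 stands in for the rogue.
SAMPLE = {
    "core-sw": """Vlan    Mac Address       Type        Ports
  10    0200.0000.0001    DYNAMIC     Gi0/1
  10    0200.0000.00aa    DYNAMIC     Gi0/1
  10    0200.0000.00bb    DYNAMIC     Gi0/1
  10    0200.0000.00cc    DYNAMIC     Gi0/2
""",
    "floor-sw": """Vlan    Mac Address       Type        Ports
  10    0200.0000.0001    DYNAMIC     Fa0/7
  10    0200.0000.00aa    DYNAMIC     Fa0/3
  10    0200.0000.00cc    DYNAMIC     Gi0/1
""",
}

if __name__ == "__main__":
    for switch, port, count in locate(SAMPLE, "02:00:00:00:00:01"):
        print(f"{switch} {port}: {count} MAC(s) learned on this port")
```

An empty result means the entry was not present in any dump, which is what the port mapper showed before traffic was kept flowing.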
