Determine identity of an IP

I have an IP on my internal network that I can't seem to determine the origin of. I can ping the IP, but I can't do anything else.

Below is what I tried in order to figure out what it is.

1. Checked DNS (nothing listed for that IP)
2. Tried Remote Desktop
3. Tried VNC
4. Tried Telnet
5. Tried FTP
6. Tried adding it as a printer.

When I do a network scan, the IP comes back with no hostname, no computer name, no netbios information, no mac address ... nothing. (I used ipscan.exe for these tests).

Can anyone think of either:
A. A way to determine what the IP is?
B. A way to make my windows network block this IP from accessing any other part of the network so hopefully someone will scream and say something broke and I will be able to determine what the rogue IP is.

Thank you in advance.
ScubeduFanAsked:
Who is Participating?
 
rexxusCommented:
Do you have managed switches?

For an IP address to respond it has to have a MAC address, otherwise Layer 2 falls in a heap.

If you have cisco switches, from the command line try:

ping x.x.x.x (where x.x.x.x is the ip address you're looking for)
sh arp | inc x.x.x.x
this will show the ip and MAC address
show mac-address address xxxx.xxxx.xxx
this will show you which port the MAC address is coming in from.  You may have to telnet across multiple devices to track it down but more than do-able
0
 
acromentCommented:
Its not pretty, but you could try unplugging network cables from the swtich ports one at a time... (while pinging).

If you have managed switches, you may be able to sign in and see which port that IP address is on.

It should have a MAC address...

Give NewtPro a crack at scanning it.
http://www.komodolabs.com/

-Eric
0
 
OriNetworksCommented:
You could try connecting to the IP address using a web browser such as internet explorer. At one point I had the same problem and it was the management interface of one of my switches.

You could also use ipscan to scan all ports to see what ports are open on it.
0
 
OriNetworksCommented:
nmap is also a great utility. It has a feature called OS Fingerprinting and can guess what operating system it is.

http://nmap.org/
0
 
ScubeduFanAuthor Commented:
I'm going to choose this as the answer as it's the closest to what I'm going to have to do. While I agree no machine shouldn't have a mac address, no program is telling me what the mac address of this IP is. So I'm taking my 3Com switches and pulling all mac address information and comparing those mac addresses to my dhcp assigned addresses in Windows to see which don't exist. Then I'll have my ports and can go from there.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.