Determine identity of an IP

Posted on 2009-02-10
Last Modified: 2012-05-06
I have an IP on my internal network that I can't seem to determine the origin of. I can ping the IP, but I can't do anything else.

Below is what I tried in order to figure out what it is.

1. Checked DNS (nothing listed for that IP)
2. Tried Remote Desktop
3. Tried VNC
4. Tried Telnet
5. Tried FTP
6. Tried adding it as a printer.

When I do a network scan, the IP comes back with no hostname, no computer name, no netbios information, no mac address ... nothing. (I used ipscan.exe for these tests).

Can anyone think of either:
A. A way to determine what the IP is?
B. A way to make my windows network block this IP from accessing any other part of the network so hopefully someone will scream and say something broke and I will be able to determine what the rogue IP is.

Thank you in advance.
Question by:ScubeduFan
    LVL 9

    Expert Comment

    Its not pretty, but you could try unplugging network cables from the swtich ports one at a time... (while pinging).

    If you have managed switches, you may be able to sign in and see which port that IP address is on.

    It should have a MAC address...

    Give NewtPro a crack at scanning it.

    LVL 17

    Expert Comment

    You could try connecting to the IP address using a web browser such as internet explorer. At one point I had the same problem and it was the management interface of one of my switches.

    You could also use ipscan to scan all ports to see what ports are open on it.
    LVL 17

    Expert Comment

    nmap is also a great utility. It has a feature called OS Fingerprinting and can guess what operating system it is.
    LVL 5

    Accepted Solution

    Do you have managed switches?

    For an IP address to respond it has to have a MAC address, otherwise Layer 2 falls in a heap.

    If you have cisco switches, from the command line try:

    ping x.x.x.x (where x.x.x.x is the ip address you're looking for)
    sh arp | inc x.x.x.x
    this will show the ip and MAC address
    show mac-address address
    this will show you which port the MAC address is coming in from.  You may have to telnet across multiple devices to track it down but more than do-able

    Author Closing Comment

    I'm going to choose this as the answer as it's the closest to what I'm going to have to do. While I agree no machine shouldn't have a mac address, no program is telling me what the mac address of this IP is. So I'm taking my 3Com switches and pulling all mac address information and comparing those mac addresses to my dhcp assigned addresses in Windows to see which don't exist. Then I'll have my ports and can go from there.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them mo…
    Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now