We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Determine identity of an IP

ScubeduFan
ScubeduFan asked
on
Medium Priority
427 Views
Last Modified: 2012-05-06
I have an IP on my internal network that I can't seem to determine the origin of. I can ping the IP, but I can't do anything else.

Below is what I tried in order to figure out what it is.

1. Checked DNS (nothing listed for that IP)
2. Tried Remote Desktop
3. Tried VNC
4. Tried Telnet
5. Tried FTP
6. Tried adding it as a printer.

When I do a network scan, the IP comes back with no hostname, no computer name, no netbios information, no mac address ... nothing. (I used ipscan.exe for these tests).

Can anyone think of either:
A. A way to determine what the IP is?
B. A way to make my windows network block this IP from accessing any other part of the network so hopefully someone will scream and say something broke and I will be able to determine what the rogue IP is.

Thank you in advance.
Comment
Watch Question

Commented:
Its not pretty, but you could try unplugging network cables from the swtich ports one at a time... (while pinging).

If you have managed switches, you may be able to sign in and see which port that IP address is on.

It should have a MAC address...

Give NewtPro a crack at scanning it.
http://www.komodolabs.com/

-Eric
CERTIFIED EXPERT

Commented:
You could try connecting to the IP address using a web browser such as internet explorer. At one point I had the same problem and it was the management interface of one of my switches.

You could also use ipscan to scan all ports to see what ports are open on it.
CERTIFIED EXPERT

Commented:
nmap is also a great utility. It has a feature called OS Fingerprinting and can guess what operating system it is.

http://nmap.org/
Commented:
Do you have managed switches?

For an IP address to respond it has to have a MAC address, otherwise Layer 2 falls in a heap.

If you have cisco switches, from the command line try:

ping x.x.x.x (where x.x.x.x is the ip address you're looking for)
sh arp | inc x.x.x.x
this will show the ip and MAC address
show mac-address address xxxx.xxxx.xxx
this will show you which port the MAC address is coming in from.  You may have to telnet across multiple devices to track it down but more than do-able

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
I'm going to choose this as the answer as it's the closest to what I'm going to have to do. While I agree no machine shouldn't have a mac address, no program is telling me what the mac address of this IP is. So I'm taking my 3Com switches and pulling all mac address information and comparing those mac addresses to my dhcp assigned addresses in Windows to see which don't exist. Then I'll have my ports and can go from there.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.