  • Status: Solved
  • Priority: Medium
  • Security: Public

Determine identity of an IP

I have an IP on my internal network that I can't seem to determine the origin of. I can ping the IP, but I can't do anything else.

Below is what I tried in order to figure out what it is.

1. Checked DNS (nothing listed for that IP)
2. Tried Remote Desktop
3. Tried VNC
4. Tried Telnet
5. Tried FTP
6. Tried adding it as a printer.

When I do a network scan, the IP comes back with no hostname, no computer name, no NetBIOS information, no MAC address ... nothing. (I used ipscan.exe for these tests.)

Can anyone think of either:
A. A way to determine what the IP is?
B. A way to make my Windows network block this IP from accessing any other part of the network, so hopefully someone will scream and say something broke and I will be able to determine what the rogue IP is.

Thank you in advance.
0
Asked by: ScubeduFan
 
acroment commented:
It's not pretty, but you could try unplugging network cables from the switch ports one at a time... (while pinging).

If you have managed switches, you may be able to sign in and see which port that IP address is on.

It should have a MAC address...

Give NewtPro a crack at scanning it.
http://www.komodolabs.com/

-Eric
0
 
OriNetworks commented:
You could try connecting to the IP address using a web browser such as Internet Explorer. At one point I had the same problem and it was the management interface of one of my switches.

You could also use ipscan to scan all ports to see what ports are open on it.
0
 
OriNetworks commented:
nmap is also a great utility. It has a feature called OS Fingerprinting and can guess what operating system it is.

http://nmap.org/
0
 
rexxus commented:
Do you have managed switches?

For an IP address to respond it has to have a MAC address, otherwise Layer 2 falls in a heap.

If you have Cisco switches, from the command line try:

ping x.x.x.x (where x.x.x.x is the IP address you're looking for)
sh arp | inc x.x.x.x
This will show the IP and MAC address.
show mac-address address xxxx.xxxx.xxxx
This will show you which port the MAC address is coming in from. You may have to telnet across multiple devices to track it down, but more than doable.
0
 
ScubeduFan (Author) commented:
I'm going to choose this as the answer as it's the closest to what I'm going to have to do. While I agree no machine shouldn't have a MAC address, no program is telling me what the MAC address of this IP is. So I'm taking my 3Com switches and pulling all MAC address information and comparing those MAC addresses to my DHCP assigned addresses in Windows to see which don't exist. Then I'll have my ports and can go from there.
0
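The comparison described in the last comment (switch MAC tables against DHCP leases), as an added example that is not part of the original thread. It assumes both sides have been exported to simple CSV text; the sample rows, the `norm_mac` and `unleased_macs` names and the uplink threshold are constructed for illustration and are not 3Com or Windows output formats.

```python
import re
from collections import defaultdict

# Constructed sample data (assumed CSV exports, not from the thread).
# Switch MAC tables as "switch,port,mac"; ports 24 and 1 are the inter-switch uplinks.
SWITCH_ROWS = """\
sw1,1,00-1A-2B-00-00-01
sw1,2,001a.2b00.0002
sw1,3,00:1a:2b:00:00:03
sw1,24,001a.2b00.0010
sw1,24,001a.2b00.0011
sw1,24,001a.2b00.0012
sw2,1,001a.2b00.0001
sw2,1,001a.2b00.0002
sw2,1,001a.2b00.0003
sw2,5,00:1a:2b:00:00:10
sw2,6,00:1a:2b:00:00:11
sw2,7,00:1a:2b:00:00:12
"""
# DHCP leases as "ip,mac" in the dash notation Windows tools print.
DHCP_ROWS = """\
10.0.0.11,00-1a-2b-00-00-01
10.0.0.12,00-1a-2b-00-00-02
10.0.0.21,00-1a-2b-00-00-10
10.0.0.22,00-1a-2b-00-00-11
"""

def norm_mac(text):
    """Reduce dash, colon or dotted MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text)
    return digits.lower() if len(digits) == 12 else None

def unleased_macs(switch_text, lease_text, uplink_threshold=2):
    """Return (switch, port, mac) for MACs on access ports with no DHCP lease."""
    leased = {norm_mac(l.split(",")[-1]) for l in lease_text.splitlines() if l.strip()}
    by_port = defaultdict(set)
    for line in switch_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 3 and norm_mac(fields[2]):
            by_port[(fields[0], fields[1])].add(norm_mac(fields[2]))
    found = []
    for (switch, port), macs in sorted(by_port.items()):
        # A port that learned many MACs is an uplink to another switch, so the
        # same devices show up again there; only the edge port locates them.
        if len(macs) <= uplink_threshold:
            found += [(switch, port, m) for m in sorted(macs) if m not in leased]
    return found

if __name__ == "__main__":
    for switch, port, mac in unleased_macs(SWITCH_ROWS, DHCP_ROWS):
        print(f"{switch} port {port}: {mac} has no DHCP lease")
```

The result is a list of candidates: statically addressed devices such as servers, printers and switch management interfaces have no lease either, so each reported port still needs to be checked.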
