Solved

How to trace the computer (and its location) on basis of IP address

Posted on 2009-05-08
Last Modified: 2013-11-29
We have around 300 computers (XP and Vista). We HAD some servers i.e. DNS Server, WINS Server, DHCP Server, Firewall, Squid Proxy Server (all in one Ubuntu Linux box) in our infrastructure. BUT...

We had very slow internet connectivity so we complained to our ISP and they changed the infrastructure for troubleshooting the cause of network congestion.

Now, they did the new configuration like this:

ISP-------------- (Router)--------------Internal Network

Router is also configured as DHCP to provide TCP/IP settings to internal computers.

Now, our ISP investigated that two computers from our network are consuming very high bandwidth. They gave us IP addresses and told us to locate those computers and remove them from network.

Now, the problem is how to locate them. Our network is unorganized. Computers don't have relevant names. There is no naming convention for workgroup or computer name and their location. Even if I use DHCP, WINS or DNS inside, the computer name that will reflect will be long OS generated name like:

Please tell me if there are some ways to identify the locations of those PCs.

Regards.
Question by:JatinHemant
8 Comments
 
LVL 13

Accepted Solution

by:
usachrisk1983 earned 1200 total points
ID: 24335770
You should be able to tell from the IP + Subnet mask which of your internal subnets it's on, which should limit it down a bit for you, no?  If you're all on one big internal network that's not subnetted and perhaps all connect into one router there are a few things you can try.
 
 Check with the documentation on your internal switches to see if you can search by IP Address and turn the port off.  The guy who complains that he can't hit the net is your culprit - and you may, depending on the switch, even be able to tell where he's connecting from.
 
 If your computers are somewhat standardized, or you at least have admin rights on all of them, you can use something like PSEXEC to remotely execute a command on that PC.  If you get yourself a copy of shutdown.exe, you might even do something like:
 
 psexec \\ipaddress shutdown.exe -s -c "Please call me at x12345 to have your computer enabled"
 
  --- however if the system gets a new IP address when it comes online you're out of luck and will have to wait for your ISP to reply.  If you have tools like Altiris, SMS, etc in your organization you can query by IP address in there too in order to see who's logged into the system.
 
 Also, again only if you have admin rights on the workstations, you can connect to \\ipaddress\c$ and then look in the documents and settings folder for who logged into the machine which may help you identify a location.
 
0
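One way to carry out the switch lookup suggested in the answer above when the switch only lets you search by MAC address: resolve the IP to a MAC from an ARP cache on the same LAN, then find that MAC in the switch's address table. This is an added example, not part of the original thread; the sample `arp -a` output, the four-column MAC table layout, the function names and the uplink threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
# Constructed sample: Windows `arp -a` output taken on a PC in the same LAN.
ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.57          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.143         00-1a-2b-aa-bb-cc     dynamic
"""

# Constructed sample: switch MAC table export, assumed "vlan mac type port" layout.
MAC_TABLE = """\
   1    001a.2b3c.4d5e    DYNAMIC     Fa0/7
   1    001a.2baa.bbcc    DYNAMIC     Gi0/23
   1    001a.2b11.2233    DYNAMIC     Gi0/23
   1    001a.2b44.5566    DYNAMIC     Gi0/23
"""

def norm_mac(mac):
    """Reduce any MAC notation (dashes, dots, colons) to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Return {ip: mac} from `arp -a` output, skipping header lines."""
    pat = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F-]{17})\s+\w+", re.M)
    return {ip: norm_mac(mac) for ip, mac in pat.findall(text)}

def parse_mac_table(text):
    """Return ({mac: port}, {port: count of MACs learned on it})."""
    mac_port, per_port = {}, defaultdict(int)
    for line in text.splitlines():
        f = line.split()
        if len(f) == 4 and len(norm_mac(f[1])) == 12:
            mac_port[norm_mac(f[1])] = f[3]
            per_port[f[3]] += 1
    return mac_port, per_port

def locate(ip, arp=ARP_OUTPUT, table=MAC_TABLE, uplink_threshold=2):
    """Map an IP to a switch port; a port with several MACs is treated as an uplink."""
    mac = parse_arp(arp).get(ip)
    if mac is None:
        return (None, None, "no ARP entry: ping the address from this subnet first")
    mac_port, per_port = parse_mac_table(table)
    port = mac_port.get(mac)
    if port is None:
        return (mac, None, "MAC not in this switch's table")
    if per_port[port] >= uplink_threshold:
        return (mac, port, "uplink: repeat the lookup on the switch behind this port")
    return (mac, port, "access port: trace the cable or patch panel from here")
```

A port that has learned several MAC addresses usually leads to another switch or hub, so the lookup has to be repeated on the downstream device until a single-MAC access port is reached.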
 

Author Comment

by:JatinHemant
ID: 24335895
Well...I forgot to tell that now all those servers listed above are NOT used. We are getting Website Name Resolution from ISP DNS Servers and IP addresses from Router DHCP.
0
 
LVL 13

Assisted Solution

by:usachrisk1983
usachrisk1983 earned 1200 total points
ID: 24335966
So you've got one router that serves as your DHCP server and your only router, which only means that you can't find it based on the IP address since they're probably all in the same scope.  Do you have an account (domain or local) that has admin rights on the machine?  If so, connecting to it using \\ipaddress\c$ or using PSEXEC are probably your best bets.

Depending on the size of the area you're searching, you could probably even find the old BEEP.EXE and continuously send BEEP.EXE to the system until you or a co-worker can hear where it's coming from.

PSEXEC allows you to run applications on a remote PC - so there are plenty of crafty ways you can use this to find a computer.
0

 

Author Comment

by:JatinHemant
ID: 24337754
Thanks for your reply.

Well...we are not in a domain so I don't have administrative rights to run the following command you provided:
psexec \\ipaddress shutdown.exe -s -c "Please call me at x12345 to have your computer enabled"

By the way, let me explore these tips and I will soon be back on the discussion.

Regards.
0
 
LVL 13

Assisted Solution

by:usachrisk1983
usachrisk1983 earned 1200 total points
ID: 24337932
If you know the local admin/password you can still use PSEXEC (or map a drive to c$).  Good Luck!
0
 
LVL 2

Assisted Solution

by:feaglin
feaglin earned 300 total points
ID: 24351222
You could also block those IP addresses at the router and see who yells.  Even if they reboot, DHCP with the default settings should give them the same IP address back, as long as they don't leave the computer off for a day or two.
0
 

Author Comment

by:JatinHemant
ID: 24352898
Hi !

My problem was that it was somehow difficult to find out the PC that is reported as "problematic" by our ISP as we don't have any name resolution server (DNS / WINS) or DHCP to see which IP address is given to which computer by the Router (configured as DHCP Server also). And our ISP is giving us the IP addresses and not names.

I found a free tool at: http://www.solarwinds.com/products/freetools/ip_address_tracker/

This tool can show me the name of the host for a specific IP address. YET it doesn't solve my problem completely because, as I had told you, our IT staff people have given very irrelevant names to computers and thus even if I get the name for a specific IP, it is not possible to know the location and owner of that PC for those PCs.

By the way, it is helping me to some extent.

Your comments are welcome.

Regards.
0
 

Author Comment

by:JatinHemant
ID: 24465481
Thanks for being part of this discussion.

Regards.
0

Question has a verified solution.