How to trace the computer (and its location) on basis of IP address

We have around 300 computers (XP and Vista). We HAD some servers i.e. DNS Server, WINS Server, DHCP Server, Firewall, Squid Proxy Server (all in one Ubuntu Linux box) in our infrastructure. BUT&

We had very slow internet connectivity so we complained our ISP and they changed the infrastructure for troubleshooting the cause of network congestion.

Now, they did the new configuration like this:

ISP-------------- (Router)--------------Internal Network

Router is also configured as DHCP to provide TCP/IP settings to internal computers.

Now, our ISP investigated that two computers from our network are consuming very high bandwidth. They gave us IP addresses and told us to locate those computers and remove them from network.

Now, the problem is How to locate them. Our network is unorganized. Computers dont have relevant names. There is no naming convention for workgroup or computer name and their location. Even if I use DHCP, WINS or DNS inside, the computer name that will reflect will be long OS generated name like:

Please tell me if there is some ways to identify the locations of those PCs.

Regards.
JatinHemantAsked:
Who is Participating?
 
usachrisk1983Commented:
You should be able to tell from the IP + Subnet mask which of your internal subnets it's on, which should limit it down a bit for you, no?  If you're all on one big internal network that's not subnetted and perhaps all connect into one router there are a few things you can try.
 
 Check with the documentation on your internal switches to see if you can search by IP Address and turn the port off.  The guy who complains that he can't hit the net is your culprit - and you may, depending on the switch, even be able to tell where he's connceting from.
 
 If your computers are somewhat standardized, or you at least have admin righs on all of them, you can use something like PSEXEC to remotely execute a command on that PC.  If you get yourself a copy of shutdown.exe, you might even do something like:
 
 psexec \\ipaddress shutdown.exe -s -c "Please call me at x12345 to have your computer enabled"
 
  --- however if the system gets a new IP address when it comes online you're out of luck and will have to wait for your ISP to reply.  If you have tools like Altiris, SMS, etc in your organziation you can query by IP address in there too in order to see who's logged into the system.
 
 Also, again only if you have admin rights on the workstations, you can connect to \\ipaddress\c$ and then look in the documents and settings folder for who logged into the machine which may help you identify a location.
 
0
 
JatinHemantAuthor Commented:
Well...I forgot to tell that now all those servers listed above are NOT used. We are getting Website Name Resolution from ISP DNS Servers and IP addresses from Router DHCP.
0
 
usachrisk1983Commented:
So you've got one router that serves as your DHCP server and your only router, which only means that you can't find it based on to IP address since they're probably all in the same scope.  Do you have an account (domain or local) that has admin rights on the machine?  If so, connecting to it using \\ipaddress\c$ or using PSEXEC are probably your best bets.

Depending on the size of the area you're searching, you could probably even find the old BEEP.EXE and continuously send BEEP.EXE to the system until you or a co-worker can hear where it's coming from.

PSEXEC allows you to run applications on a remote PC - so there are plenty of crafty ways you can use this to find a computer.
0
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
JatinHemantAuthor Commented:
Thanks for your reply.

Well...we are not in domain so I don't have administrative right to run the following command you provided:
psexec \\ipaddress shutdown.exe -s -c "Please call me at x12345 to have your computer enabled"

By the way, let me explore these tips and I will soon be back on the discussion.

Regards.
0
 
usachrisk1983Commented:
If you know the local admin/password you can still use PSEXEC (or map a drive to c$).  Good Luck!
0
 
feaglinCommented:
  You could also block those IP addresses at the router and see who yells.  Even if they reboot DHCP with the default settings should give them the same IP address back, as long as they don't leave the computer off for a day or two.
0
 
JatinHemantAuthor Commented:
Hi !

My problem was that it was somehow difficult to find out the PC that is reported as "problematic" by our ISPas we don't have any name resolution server (DNS / WINS) or DHCP to see which IP address is given to which computer by the Router (configured as DHCP Server also). And our ISP is giving us the IP addresses and not names.

I found a free tool at: http://www.solarwinds.com/products/freetools/ip_address_tracker/ 

This tool can show me the name of host for an specific IP address. YET it doesn't solve my problem completely because as I had told you that our IT staff people have given very irrelevant names to computers and thus even I get the name of an specific IP, it is not possible to know the location and owner of that PC for those PCs.

By the way, it is helping me to some extends.

Your comments are welcome.

Regards.
0
 
JatinHemantAuthor Commented:
Thanks for being part of this discussion.

Regards.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.