Solved

How to trace the computer (and its location) on basis of IP address

Posted on 2009-05-08
Last Modified: 2013-11-29
We have around 300 computers (XP and Vista). We HAD some servers, i.e. DNS Server, WINS Server, DHCP Server, Firewall, Squid Proxy Server (all in one Ubuntu Linux box) in our infrastructure. BUT…

We had very slow internet connectivity, so we complained to our ISP and they changed the infrastructure for troubleshooting the cause of network congestion.

Now, they did the new configuration like this:

ISP-------------- (Router)--------------Internal Network

Router is also configured as DHCP to provide TCP/IP settings to internal computers.

Now, our ISP investigated that two computers from our network are consuming very high bandwidth. They gave us IP addresses and told us to locate those computers and remove them from network.

Now, the problem is how to locate them. Our network is unorganized. Computers don't have relevant names. There is no naming convention for workgroup or computer name and their location. Even if I use DHCP, WINS or DNS inside, the computer name that will reflect will be long OS generated name like:

Please tell me if there is some ways to identify the locations of those PCs.

Regards.
0
Question by:JatinHemant
 
LVL 13

Accepted Solution

by:
usachrisk1983 earned 400 total points
You should be able to tell from the IP + Subnet mask which of your internal subnets it's on, which should limit it down a bit for you, no?  If you're all on one big internal network that's not subnetted and perhaps all connect into one router there are a few things you can try.
 
 Check with the documentation on your internal switches to see if you can search by IP Address and turn the port off.  The guy who complains that he can't hit the net is your culprit - and you may, depending on the switch, even be able to tell where he's connecting from.
 
 If your computers are somewhat standardized, or you at least have admin rights on all of them, you can use something like PSEXEC to remotely execute a command on that PC.  If you get yourself a copy of shutdown.exe, you might even do something like:
 
 psexec \\ipaddress shutdown.exe -s -c "Please call me at x12345 to have your computer enabled"
 
  --- however if the system gets a new IP address when it comes online you're out of luck and will have to wait for your ISP to reply.  If you have tools like Altiris, SMS, etc in your organization you can query by IP address in there too in order to see who's logged into the system.
 
 Also, again only if you have admin rights on the workstations, you can connect to \\ipaddress\c$ and then look in the documents and settings folder for who logged into the machine which may help you identify a location.
 
0
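Added example, not part of the original answer: on one flat subnet, the switch lookup suggested above goes IP, then MAC (from `arp -a` on any PC in the subnet), then switch port (from the switch's MAC address table). The sample addresses and both outputs are constructed, and the Cisco-style table layout and the function names are assumptions.

```python
import re

# Constructed sample: `arp -a` output from a Windows PC on the same subnet
# (ping the reported address first so it appears in the ARP cache).
ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.57          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.143         00-1A-2B-99-88-77     dynamic
"""

# Constructed sample: MAC address table pasted from a managed switch.
# The Cisco-style column layout is an assumption; other vendors differ.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4455    DYNAMIC     Gi0/1
   1    001a.2b3c.4d5e    DYNAMIC     Fa0/12
   1    001a.2b99.8877    DYNAMIC     Gi0/2
   1    00aa.bbcc.ddee    DYNAMIC     Gi0/2
"""

def norm_mac(text):
    """Reduce any common MAC notation to 12 lowercase hex digits, else None."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    return digits if len(digits) == 12 else None

def parse_arp(output):
    """IP -> MAC from rows shaped '<ip> <mac> <type>'."""
    rows = (line.split() for line in output.splitlines())
    return {r[0]: norm_mac(r[1]) for r in rows
            if len(r) == 3 and re.fullmatch(r"\d+(\.\d+){3}", r[0]) and norm_mac(r[1])}

def parse_mac_table(output):
    """MAC -> port from rows shaped '<vlan> <mac> <type> <port>'."""
    rows = (line.split() for line in output.splitlines())
    return {norm_mac(r[1]): r[3] for r in rows if len(r) == 4 and norm_mac(r[1])}

def locate(ip, arp_output=ARP_OUTPUT, mac_output=MAC_TABLE):
    """Return the MAC and switch port for an IP, or None if ARP has no entry."""
    mac = parse_arp(arp_output).get(ip)
    if mac is None:
        return None
    table = parse_mac_table(mac_output)
    port = table.get(mac)
    # Several MACs on one port means it is an uplink to another switch or hub:
    # repeat the lookup on the device behind it rather than shutting the port.
    shared = sum(1 for p in table.values() if p == port)
    return {"mac": mac, "port": port, "uplink": port is not None and shared > 1}
```

With the constructed data, `locate("192.168.1.57")` resolves to access port Fa0/12, while `locate("192.168.1.143")` lands on Gi0/2, which carries two MACs and is therefore flagged as an uplink.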
 

Author Comment

by:JatinHemant
Well...I forgot to tell that now all those servers listed above are NOT used. We are getting Website Name Resolution from ISP DNS Servers and IP addresses from Router DHCP.
0
 
LVL 13

Assisted Solution

by:usachrisk1983
usachrisk1983 earned 400 total points
So you've got one router that serves as your DHCP server and your only router, which only means that you can't find it based on IP address since they're probably all in the same scope.  Do you have an account (domain or local) that has admin rights on the machine?  If so, connecting to it using \\ipaddress\c$ or using PSEXEC are probably your best bets.

Depending on the size of the area you're searching, you could probably even find the old BEEP.EXE and continuously send BEEP.EXE to the system until you or a co-worker can hear where it's coming from.

PSEXEC allows you to run applications on a remote PC - so there are plenty of crafty ways you can use this to find a computer.
0
 

Author Comment

by:JatinHemant
Thanks for your reply.

Well...we are not in a domain, so I don't have administrative rights to run the following command you provided:
psexec \\ipaddress shutdown.exe -s -c "Please call me at x12345 to have your computer enabled"

By the way, let me explore these tips and I will soon be back on the discussion.

Regards.
0
 
LVL 13

Assisted Solution

by:usachrisk1983
usachrisk1983 earned 400 total points
If you know the local admin/password you can still use PSEXEC (or map a drive to c$).  Good Luck!
0
 
LVL 2

Assisted Solution

by:feaglin
feaglin earned 100 total points
You could also block those IP addresses at the router and see who yells.  Even if they reboot, DHCP with the default settings should give them the same IP address back, as long as they don't leave the computer off for a day or two.
0
 

Author Comment

by:JatinHemant
Hi !

My problem was that it was somehow difficult to find out the PC that is reported as "problematic" by our ISP, as we don't have any name resolution server (DNS / WINS) or DHCP to see which IP address is given to which computer by the Router (configured as DHCP Server also). And our ISP is giving us the IP addresses and not names.

I found a free tool at: http://www.solarwinds.com/products/freetools/ip_address_tracker/

This tool can show me the name of the host for a specific IP address. YET it doesn't solve my problem completely because, as I had told you, our IT staff people have given very irrelevant names to computers, and thus even if I get the name of a specific IP, it is not possible to know the location and owner of that PC for those PCs.

By the way, it is helping me to some extent.

Your comments are welcome.

Regards.
0
 

Author Comment

by:JatinHemant
Thanks for being part of this discussion.

Regards.
0
