Solved

How to trace the computer (and its location) on basis of IP address

Posted on 2009-05-08
8
778 Views
Last Modified: 2013-11-29
We have around 300 computers (XP and Vista). We HAD some servers i.e. DNS Server, WINS Server, DHCP Server, Firewall, Squid Proxy Server (all in one Ubuntu Linux box) in our infrastructure. BUT&

We had very slow internet connectivity so we complained our ISP and they changed the infrastructure for troubleshooting the cause of network congestion.

Now, they did the new configuration like this:

ISP-------------- (Router)--------------Internal Network

Router is also configured as DHCP to provide TCP/IP settings to internal computers.

Now, our ISP investigated that two computers from our network are consuming very high bandwidth. They gave us IP addresses and told us to locate those computers and remove them from network.

Now, the problem is How to locate them. Our network is unorganized. Computers dont have relevant names. There is no naming convention for workgroup or computer name and their location. Even if I use DHCP, WINS or DNS inside, the computer name that will reflect will be long OS generated name like:

Please tell me if there is some ways to identify the locations of those PCs.

Regards.
0
Comment
Question by:JatinHemant
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 13

Accepted Solution

by:
usachrisk1983 earned 400 total points
ID: 24335770
You should be able to tell from the IP + Subnet mask which of your internal subnets it's on, which should limit it down a bit for you, no?  If you're all on one big internal network that's not subnetted and perhaps all connect into one router there are a few things you can try.
 
 Check with the documentation on your internal switches to see if you can search by IP Address and turn the port off.  The guy who complains that he can't hit the net is your culprit - and you may, depending on the switch, even be able to tell where he's connceting from.
 
 If your computers are somewhat standardized, or you at least have admin righs on all of them, you can use something like PSEXEC to remotely execute a command on that PC.  If you get yourself a copy of shutdown.exe, you might even do something like:
 
 psexec \\ipaddress shutdown.exe -s -c "Please call me at x12345 to have your computer enabled"
 
  --- however if the system gets a new IP address when it comes online you're out of luck and will have to wait for your ISP to reply.  If you have tools like Altiris, SMS, etc in your organziation you can query by IP address in there too in order to see who's logged into the system.
 
 Also, again only if you have admin rights on the workstations, you can connect to \\ipaddress\c$ and then look in the documents and settings folder for who logged into the machine which may help you identify a location.
 
0
 

Author Comment

by:JatinHemant
ID: 24335895
Well...I forgot to tell that now all those servers listed above are NOT used. We are getting Website Name Resolution from ISP DNS Servers and IP addresses from Router DHCP.
0
 
LVL 13

Assisted Solution

by:usachrisk1983
usachrisk1983 earned 400 total points
ID: 24335966
So you've got one router that serves as your DHCP server and your only router, which only means that you can't find it based on to IP address since they're probably all in the same scope.  Do you have an account (domain or local) that has admin rights on the machine?  If so, connecting to it using \\ipaddress\c$ or using PSEXEC are probably your best bets.

Depending on the size of the area you're searching, you could probably even find the old BEEP.EXE and continuously send BEEP.EXE to the system until you or a co-worker can hear where it's coming from.

PSEXEC allows you to run applications on a remote PC - so there are plenty of crafty ways you can use this to find a computer.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:JatinHemant
ID: 24337754
Thanks for your reply.

Well...we are not in domain so I don't have administrative right to run the following command you provided:
psexec \\ipaddress shutdown.exe -s -c "Please call me at x12345 to have your computer enabled"

By the way, let me explore these tips and I will soon be back on the discussion.

Regards.
0
 
LVL 13

Assisted Solution

by:usachrisk1983
usachrisk1983 earned 400 total points
ID: 24337932
If you know the local admin/password you can still use PSEXEC (or map a drive to c$).  Good Luck!
0
 
LVL 2

Assisted Solution

by:feaglin
feaglin earned 100 total points
ID: 24351222
  You could also block those IP addresses at the router and see who yells.  Even if they reboot DHCP with the default settings should give them the same IP address back, as long as they don't leave the computer off for a day or two.
0
 

Author Comment

by:JatinHemant
ID: 24352898
Hi !

My problem was that it was somehow difficult to find out the PC that is reported as "problematic" by our ISPas we don't have any name resolution server (DNS / WINS) or DHCP to see which IP address is given to which computer by the Router (configured as DHCP Server also). And our ISP is giving us the IP addresses and not names.

I found a free tool at: http://www.solarwinds.com/products/freetools/ip_address_tracker/ 

This tool can show me the name of host for an specific IP address. YET it doesn't solve my problem completely because as I had told you that our IT staff people have given very irrelevant names to computers and thus even I get the name of an specific IP, it is not possible to know the location and owner of that PC for those PCs.

By the way, it is helping me to some extends.

Your comments are welcome.

Regards.
0
 

Author Comment

by:JatinHemant
ID: 24465481
Thanks for being part of this discussion.

Regards.
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
Resolve DNS query failed errors for Exchange
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question