paulterack2
asked on
What IP addresses are in use on network?
Is there a way in Server 2008 to know what IP addresses are in use? I currently use DHCP and some reservations etc. However, what if someone with a laptop just plugged into the network and gave itself a STATIC IP. Is there a way in R2, I can check a list of all IP's in use? Then if I saw some device using an address outside my defined DHCP range I could question what this computer was and take action from there.
thanks
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Windows does not track and really has no management facility to track static IPs. You would need network monitoring software which could potentially be very expensive.
Ideally, you wouldn't permit someone to just come along and setup a computer with a static IP and get it on your network. You would use a BUSINESS CLASS managed switch and disable all ports not officially in use. Then your wireless would require a key to gain access to the network. In doing this, there would be no need for this.
You can MANUALLY do some analysis... maintain a list of static addresses so you know what should be on and what shouldn't and then you can use a script to ping them periodically (when I want to know what systems are on on the network, I run the following command (assuming the subnet in question is 192.168.10.x)
for /l %a in (1,1,254) do @ping -n 1 -w 100 192.168.1.%a | find /i "reply"
That command then lists all systems responding to a ping. But it's imperfect since a machine with a firewall enabled blocking ICMP ECHO requests won't reply but will still be on and using an IP.
Another imperfect way of finding things is to check DNS (assuming you allow dynamic updates for everything and not just domain joined systems - NOT ADVISABLE), you may get a list of IPs and hostnames in use, but again, you don't know when they were initially registered, where they are, or if they still exist (depending on your scavaging period).
Ideally, you wouldn't permit someone to just come along and setup a computer with a static IP and get it on your network. You would use a BUSINESS CLASS managed switch and disable all ports not officially in use. Then your wireless would require a key to gain access to the network. In doing this, there would be no need for this.
You can MANUALLY do some analysis... maintain a list of static addresses so you know what should be on and what shouldn't and then you can use a script to ping them periodically (when I want to know what systems are on on the network, I run the following command (assuming the subnet in question is 192.168.10.x)
for /l %a in (1,1,254) do @ping -n 1 -w 100 192.168.1.%a | find /i "reply"
That command then lists all systems responding to a ping. But it's imperfect since a machine with a firewall enabled blocking ICMP ECHO requests won't reply but will still be on and using an IP.
Another imperfect way of finding things is to check DNS (assuming you allow dynamic updates for everything and not just domain joined systems - NOT ADVISABLE), you may get a list of IPs and hostnames in use, but again, you don't know when they were initially registered, where they are, or if they still exist (depending on your scavaging period).
Server 2008 brings a new feature called network access protection. I believe you will find this useful in preventing unauthorized users from connecting to your network.
To discover network devices that have a IP address, I use a little free utility called Advanced IP Scanner. It is found at:
http://www.radmin.com/products/ipscanner/
John
http://www.radmin.com/products/ipscanner/
John
http://www.petri.co.il/quickly_find_used_ip_addresses.htm