• Status: Solved
  • Priority: Medium
  • Security: Public

Unknown IP address

We did an IP scan on our network and found an IP address that we could not pinpoint back to a device.

I have tried telnet, ssh, traceroute, ping.

Are there any other commands that I can use to figure out what this device is?

Can I shut it down or block this device?
Asked by: MECIT
3 Solutions
 
Ken Boone (Network Consultant) Commented:
Well, ping the IP address and then look at your ARP table to find the MAC address of the device. Then, if you have a managed switch, you should be able to find the port that that MAC address lives off of. Then either you can track it down by cables to find it, or just shut the port down and see who screams.
 
xDUCKx Commented:
You can ping the machine and then do an arp -a from the command prompt.  Get the MAC Address of the machine and then check your switches for where that MAC address is.  If you have WLAN this would be easier as you've got a list of attached devices by MAC address on one screen.

Once you've isolated the port that it's plugged into you should be able to trace back to where it's physically connected on the network.  

Not a pretty solution and may take some time...but it will work  :-)
 
PaulNSW Commented:
You could try using Netscan
http://www.softperfect.com/products/networkscanner/

Then add the MAC/vendor address database. Then it may give you some clue who the vendor is.

If you can find out the switch port the MAC address is on, you can shut the switchport down and track it from there.

Use
show mac-address-table

if you have a Cisco switch and trace it back to the port.
 
xDUCKx Commented:
If it's a wireless device....could be a phone. You can stop the MAC address thru MAC address filtering and, as Ken pointed out, wait until someone screams.

Additionally, you can do a vendor lookup for the MAC address to get an idea of what the device is:

http://www.coffer.com/mac_find/

Could give you an idea if it's a phone or an HP device or a Broadcom NIC.
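As an added example (not part of any post in this thread), the ping, `arp -a` and vendor-lookup steps suggested above can be scripted. This Python code parses `arp -a` output, extracts the OUI to look up, rewrites the MAC in the dotted form Cisco IOS prints in its MAC address table, and flags locally administered addresses, which have no registered vendor. The sample ARP output and all function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `arp -a` output (not from the original thread).
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1b-21-3c-4d-5e     dynamic
  192.168.1.77          7a-12-9f-00-aa-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Matches "IP  aa-bb-cc-dd-ee-ff" (Windows) and "(IP) at a:b:c:d:e:f" (Unix-like).
ARP_LINE = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2})\b"
)

def parse_arp(text):
    """Return {ip: 'aabbccddeeff'} from arp -a output."""
    table = {}
    for ip, mac in ARP_LINE.findall(text):
        # Unix-like arp drops leading zeros per octet, so pad each one.
        octets = [o.zfill(2).lower() for o in re.split(r"[:-]", mac)]
        table[ip] = "".join(octets)
    return table

def describe(ip, arp_text):
    """Summarise what the MAC for `ip` tells us, or None if no ARP entry."""
    mac = parse_arp(arp_text).get(ip)
    if mac is None:
        return None  # ping the address first so the ARP cache is populated
    first = int(mac[:2], 16)
    return {
        "mac": ":".join(mac[i:i + 2] for i in range(0, 12, 2)),
        "oui": mac[:6].upper(),  # prefix to feed a vendor lookup
        "cisco": ".".join(mac[i:i + 4] for i in range(0, 12, 4)),
        # Bit 0x02 of the first octet: address was set locally, so it is
        # not in the IEEE vendor registry and a lookup will find nothing.
        "locally_administered": bool(first & 0x02),
        "multicast": bool(first & 0x01),
    }

if __name__ == "__main__":
    for ip in ("192.168.1.1", "192.168.1.77", "192.168.1.50"):
        print(ip, describe(ip, SAMPLE_ARP))
```

The `cisco` value is the string to search for in the switch's MAC address table output.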
 
MECIT (Author) Commented:
I found the MAC address. I have Dell 6248 switches, so what would be the commands to see the MAC addresses?

I tried the coffer.com but could not find anything.
 
Ken Boone (Network Consultant) Commented:
 
MECIT (Author) Commented:
Thanks for the help. We figured out what it was: an Apple TV we were testing.
