asked on

Find a host with specific IP address.

Hi
I got a very large network about 5000 users and I need to find a host where it’s located I only have ip address how can I find the host or the switch host is connected to.
Please advice

Giovanni

You can resolve addresses to hostname via ping, tracert, or nslookup (among others):

ping -4 -a -n 1 192.168.1.1

Open in new window

tracert -4 192.168.1.1

Open in new window

nslookup 192.168.1.1

Open in new window

Use trace route to determine the nearest hop to the target IP address. If you have access to that hop (e.g. router, switch stack, etc.), you can obtain the MAC address. Use the MAC to identify the port. Also with the MAC, you can determine the manufacturer of the NIC ( though this may be easily spoofed) via IEEE OUI lookup. Once you have the port you can trace the line.

http://standards.ieee.org/develop/regauth/oui/public.html

If you use Cisco switches with CDP enabled, it's possible you could run this script I wrote on the target PC, to self-identify and report it's port. Modify 127.0.0.1\c$ to reflect a central share.

@echo off
setlocal enabledelayedexpansion
rem Requires WinDump @ http://www.winpcap.org/windump/install/
rem        + WinPcap @ http://www.winpcap.org/install/default.htm
rem   OR
rem          TCPDUMP @ http://www.microolap.com/products/network/tcpdump/
echo Cisco CDP Port-ID Identifier v1.0 by Giovanni
set app=windump
set output=\\?\UNC\127.0.0.1\c$\PortID.txt
for /f "tokens=4" %%i in ('route print -4 0.*^|find "0.0.0.0"') do (
	if not [%%i]==[Default] (
		for /f "tokens=3 delims=," %%s in ('wmic nicconfig get IPAddress^,SettingID /format:csv^|findstr "%%i"') do (
			for /f "delims=." %%i in ('!app! -D^|findstr "%%s"') do (	
				!app! -i %%i -nn -v -s 1500 -c 1 ether[20:2] == 0x2000 | findstr "Device-ID Address Port-ID Platform"
			)>!output!
		)
	)
)
if exist !output! type !output!

Open in new window

Additionally, you can scan the IP address using a port scanner (such as Nmap) in an attempt to identify services and banners, to further identify the system.