Determine who or what is on my home network, with MAC and IP

I have a older Linksys router, I have it set to only allow my MAC addresses I add to it but when looking at the DHCP leases I see a MAC address with a IP that I don't recognize and is not in my MAC filter list.

Is there a way I can determine exactly what this device is or if it is someone that should not be connected? I have broadcasting disabled too, and WPA2.

I tried RDP and web browsing to the IP but could not connect. I don't think the IP would ping either.

P.S. Something else I need to add it I just installed a Intel Dual Band Wifi AC Adapter that is also a Blue Tooth receiver. I dind't really check before installing the card and when setting up the new MAC I noticed the DHCP lease that I didn't recognize. Is there a chance that could be from the Blue Tooth card?
REIUSAAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Kamran ArshadConnect With a Mentor IT AssociateCommented:
There are many discovery applications that can help you in this regard. Just give them the network range and they will discover devices. Some of the applications are;

1- Spiceworks www.spiceworks.com
2- Kaboodle   www.kaboodle.org

They will let you know what type of device it is.
0
 
QlemoConnect With a Mentor DeveloperCommented:
You should check the first half of the MAC address against the OUI registration of IEEE. http://standards.ieee.org/develop/regauth/oui/public.html, and that should tell the brand of the NIC.
0
 
Giovanni HewardConnect With a Mentor Commented:
Bear in mind an experience attacker may detect your wireless network, even when you are not broadcasting the service set ID (SSID).  They can also observe authorized clients authenticating, and spoof their own MAC address to match.

As a next step in identifying devices, I suggest you try Nmap as an OS fingerprinting and port scanning tool.  This tool will automatically lookup the OUI registration for you, identify open ports, probe those ports/services to identify an OS, grab service banners, etc.  So in situations where the MAC is spoofed, you can often confirm the underlying OS-- if all ports are not blocked/closed (which an experienced attacker would also do.)

Bear in mind ICMP may be disabled (ping not permitted) but other ports are open and services are listening.  Use the -Pn switch to skip PING tests when using Nmap.

Additionally, make sure you disable Wi-Fi Protected Setup (WPS).
0
 
REIUSAAuthor Commented:
Great, thanks for the tips. I will run some of these tools and see what's going on.

In the event it is a external device is there anything I can do to stop them or block them? I odn't think my router will allow me to block and filter MAC's at the same time.
0
All Courses

From novice to tech pro — start learning today.