Solved

Tracking down rogue IP address

Posted on 2014-09-03
5
411 Views
Last Modified: 2014-09-03
Hello Experts - I'm having a problem with a rogue IP address and have been trying to track it down.  I have four HP 2920 switches but don't know the command line very well yet.  Can anyone provide some guidance on how I can track down which port the offending device is plugged into?
0
Comment
Question by:danbrown_
  • 2
  • 2
5 Comments
 
LVL 7

Accepted Solution

by:
tolinrome earned 500 total points
ID: 40300996
A couple of ways:

1. You can use wireshark to filter for that rogue IP address and then just start disconnecting switches and see if the ip stops, then once the switch is found you can narrow it down to the ports on the switch.

2, Go on your firewall or switches and look at the arp table of the mapping of ip address and mac address and it will tell you what port number it is on.
0
 

Author Comment

by:danbrown_
ID: 40301002
Ok, I was thinking arp table as well, thanks!
0
 
LVL 7

Expert Comment

by:tolinrome
ID: 40301018
also sometimes a rogue ip will be a virtual ip on someone's computer where they installed virtual box or vmware etc.. and it gives it an ip different than whats assigned to your network, so think of who may have a vm on their computer if you cant find the rouge ip for some reason.
0
 
LVL 2

Expert Comment

by:Matty-CT
ID: 40301349
If you download a demo of HP Procurve Network Manager and install it, it has a feature to find devices by IP address or by mac address too. You type in the IP and it'll tell you on what port and switch the device is connected!

ARP works too and then you can run a show mac address command on HP switches to locate the corresponding MAC by port.

Matt
0
 

Author Comment

by:danbrown_
ID: 40301366
Wow, now that is a useful function, wish it came standard with routers and switches.  Just so you guys know it wound up being a Dell iDrac device that suddenly decided to turn itself on.  I did a port scan of the IP, saw HTTP was open, connected and disabled it.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now