Solved

Tracking down rogue IP address

Posted on 2014-09-03
5
428 Views
Last Modified: 2014-09-03
Hello Experts - I'm having a problem with a rogue IP address and have been trying to track it down.  I have four HP 2920 switches but don't know the command line very well yet.  Can anyone provide some guidance on how I can track down which port the offending device is plugged into?
0
Comment
Question by:danbrown_
  • 2
  • 2
5 Comments
 
LVL 7

Accepted Solution

by:
tolinrome earned 500 total points
ID: 40300996
A couple of ways:

1. You can use wireshark to filter for that rogue IP address and then just start disconnecting switches and see if the ip stops, then once the switch is found you can narrow it down to the ports on the switch.

2, Go on your firewall or switches and look at the arp table of the mapping of ip address and mac address and it will tell you what port number it is on.
0
 

Author Comment

by:danbrown_
ID: 40301002
Ok, I was thinking arp table as well, thanks!
0
 
LVL 7

Expert Comment

by:tolinrome
ID: 40301018
also sometimes a rogue ip will be a virtual ip on someone's computer where they installed virtual box or vmware etc.. and it gives it an ip different than whats assigned to your network, so think of who may have a vm on their computer if you cant find the rouge ip for some reason.
0
 
LVL 2

Expert Comment

by:Matty-CT
ID: 40301349
If you download a demo of HP Procurve Network Manager and install it, it has a feature to find devices by IP address or by mac address too. You type in the IP and it'll tell you on what port and switch the device is connected!

ARP works too and then you can run a show mac address command on HP switches to locate the corresponding MAC by port.

Matt
0
 

Author Comment

by:danbrown_
ID: 40301366
Wow, now that is a useful function, wish it came standard with routers and switches.  Just so you guys know it wound up being a Dell iDrac device that suddenly decided to turn itself on.  I did a port scan of the IP, saw HTTP was open, connected and disabled it.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Update HP 4300 SAN from OS 9 to 12 without loosing data. 3 94
Failing ALG SIP test for new VoIP phone system 4 49
slow vpn connection 9 41
BGP Network restrictions 6 20
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now