Tracking down rogue IP address

Hello Experts - I'm having a problem with a rogue IP address and have been trying to track it down.  I have four HP 2920 switches but don't know the command line very well yet.  Can anyone provide some guidance on how I can track down which port the offending device is plugged into?
danbrown_IT ManagerAsked:
 
tolinrome Commented:
A couple of ways:

1. You can use Wireshark to filter for that rogue IP address and then just start disconnecting switches and see if the IP stops; then, once the switch is found, you can narrow it down to the ports on the switch.

2. Go on your firewall or switches and look at the ARP table of the mapping of IP address and MAC address and it will tell you what port number it is on.
 
danbrown_IT ManagerAuthor Commented:
Ok, I was thinking arp table as well, thanks!
 
tolinrome Commented:
Also, sometimes a rogue IP will be a virtual IP on someone's computer where they installed VirtualBox or VMware etc., and it gives it an IP different than what's assigned to your network, so think of who may have a VM on their computer if you can't find the rogue IP for some reason.
 
Matty-CT Commented:
If you download a demo of HP ProCurve Network Manager and install it, it has a feature to find devices by IP address or by MAC address too. You type in the IP and it'll tell you on what port and switch the device is connected!

ARP works too and then you can run a show mac address command on HP switches to locate the corresponding MAC by port.

Matt
 
danbrown_IT ManagerAuthor Commented:
Wow, now that is a useful function, wish it came standard with routers and switches. Just so you guys know, it wound up being a Dell iDRAC device that suddenly decided to turn itself on. I did a port scan of the IP, saw HTTP was open, connected and disabled it.
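The ARP-table and MAC-table lookup suggested in the answers above, as an added example that is not part of the original thread: it resolves an IP to its MAC, then searches the saved MAC tables of several switches for it. It goes one step beyond the thread by ranking matches by how many MACs each port has learned, since an uplink port also shows the MAC. The function names, the column layout and the sample data are assumptions constructed for illustration.

```python
import re
from collections import Counter

MAC = r"[0-9A-Fa-f]{2}(?:[:.-]?[0-9A-Fa-f]{2}){5}"  # aa:bb:.., aabbcc-ddeeff, aabb.ccdd.eeff

def norm_mac(text):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", text.lower())

def parse_arp(text):
    """Map IP -> MAC from lines shaped '<ip> <mac> ...'."""
    rows = re.findall(rf"^\s*(\d+(?:\.\d+){{3}})\s+({MAC})\b", text, re.M)
    return {ip: norm_mac(mac) for ip, mac in rows}

def parse_mac_table(text):
    """Return (mac, port) pairs from lines shaped '<mac> <port> ...'."""
    rows = re.findall(rf"^\s*({MAC})\s+(\S+)", text, re.M)
    return [(norm_mac(mac), port) for mac, port in rows]

def locate(ip, arp_text, mac_tables):
    """Return (mac, [(switch, port, macs_on_port), ...]), fewest MACs first.

    Every switch the traffic crosses learns the MAC, so uplinks match too;
    the port that has learned the fewest MACs is the likely access port.
    """
    mac = parse_arp(arp_text).get(ip)
    if mac is None:          # no ARP entry yet: ping the IP, then re-collect
        return None, []
    hits = []
    for switch, text in mac_tables.items():
        table = parse_mac_table(text)
        per_port = Counter(port for _, port in table)
        hits += [(switch, port, per_port[port]) for m, port in table if m == mac]
    return mac, sorted(hits, key=lambda h: h[2])

# Constructed sample data (not from the thread); column layout is assumed.
ARP = """IP Address   MAC Address        Port
10.0.0.1     00:11:22:33:44:01  24
10.0.0.50    02:00:00:00:00:50  24
"""
TABLES = {
    "sw1": "MAC Address   Port VLAN\n001122-334401 24 1\n020000-000050 24 1\n001122-3344aa 24 1\n",
    "sw2": "MAC Address   Port VLAN\n020000-000050 7 1\n001122-334401 23 1\n001122-3344aa 23 1\n",
}

if __name__ == "__main__":
    print(locate("10.0.0.50", ARP, TABLES))
```

In the sample, port 7 on sw2 has learned only the one MAC, so it ranks ahead of port 24 on sw1, which carries three and is the link between the switches.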