Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Tracking down rogue IP address

Posted on 2014-09-03
5
Medium Priority
?
516 Views
Last Modified: 2014-09-03
Hello Experts - I'm having a problem with a rogue IP address and have been trying to track it down.  I have four HP 2920 switches but don't know the command line very well yet.  Can anyone provide some guidance on how I can track down which port the offending device is plugged into?
0
Comment
Question by:danbrown_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 7

Accepted Solution

by:
tolinrome earned 2000 total points
ID: 40300996
A couple of ways:

1. You can use wireshark to filter for that rogue IP address and then just start disconnecting switches and see if the ip stops, then once the switch is found you can narrow it down to the ports on the switch.

2, Go on your firewall or switches and look at the arp table of the mapping of ip address and mac address and it will tell you what port number it is on.
0
 

Author Comment

by:danbrown_
ID: 40301002
Ok, I was thinking arp table as well, thanks!
0
 
LVL 7

Expert Comment

by:tolinrome
ID: 40301018
also sometimes a rogue ip will be a virtual ip on someone's computer where they installed virtual box or vmware etc.. and it gives it an ip different than whats assigned to your network, so think of who may have a vm on their computer if you cant find the rouge ip for some reason.
0
 
LVL 2

Expert Comment

by:Matty-CT
ID: 40301349
If you download a demo of HP Procurve Network Manager and install it, it has a feature to find devices by IP address or by mac address too. You type in the IP and it'll tell you on what port and switch the device is connected!

ARP works too and then you can run a show mac address command on HP switches to locate the corresponding MAC by port.

Matt
0
 

Author Comment

by:danbrown_
ID: 40301366
Wow, now that is a useful function, wish it came standard with routers and switches.  Just so you guys know it wound up being a Dell iDrac device that suddenly decided to turn itself on.  I did a port scan of the IP, saw HTTP was open, connected and disabled it.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question