How to find physical location of network device

Posted on 2014-09-25
Medium Priority
Last Modified: 2014-09-28
Surely this has been asked before.  I have identified some devices on my network, they would be physically plugged in to our network.  I need to find out where they are physically located.  I use Spiceworks to inventory my network and all those it can identify, it tells me which switch they are connected to - which is great, but some devices cannot be identified, I get a host name and an IP address and from these, I can also get a MAC address (from DHCP server).

I know our switches show mac addresses (Netgear GS724T) but even though I found a MAC address I was trying to identify, it simply showed port l1 - which means nothing to me.

Has anyone got any other ideas?

Question by:fuzzyfreak
  • 4
  • 3
  • 2
  • +1
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 40344079
One of the dirty way that my colleague used was in a scenario with multiple buildings and multiple switches, login to the managed switch and shutdown the uplink port to those switches which you can't find, the users connected to it will surely call help desk, this way we can't pinpoint but at least we can search in area nearby :-)

Author Comment

ID: 40344097
Ha ha, unfortunately this is not a practical solution.
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 40344103
Right :-)
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.


Expert Comment

ID: 40344113
You can disconnect the device in question from your switch and either trace the wire with a probe or just wait to see who notices.  This probably isn't a good idea if you think the device might be important -- but if you think it's a rogue device and have accounted for everything important, it's not a terrible strategy.

One other thought is that you can run a port scan against that IP address and see what ports it is listening on.  That will at least tell you what type of device it is.  You can also attempt to look up the MAC address on any of a number of sites.  Several sites can be found easily with a Google search for "mac address lookup".  The IEEE and Wireshark sites would be highly authoritative.
LVL 12

Expert Comment

ID: 40344170
If its a computer remote into it, and crank up some sounds on it on high volume if it has speakers ;) But that won't help with switches and all that.
You could try running netscan including the oobe.txt file to identify vendors etc of the appliance, which could help in identifying whether it is a dell, apc, Konica, or other brand.
You could than either log into the device via SSH, http, RDP or whatever it supports, and get some more info to assist in identifying it. But physical location is harder with unmanaged switches. Normally on a managed switch I would look at which port the device is connected to on the switch. From there you trace the lead back to the patch rack, and on the patch rack you check which outlet is marked on it. You then walk to the location in your business with that outlet number on it, and that should do it.

Author Comment

ID: 40344230
You can disconnect the device in question from your switch
what do you mean?
Maclean - you cannot remote to a computer without knowing the passwords.
I am sure Spiceworks is telling em everything it knows about these devices.
One in particular is named win8-cit_1- it is a windows machine and we only have one Win8 machine but this is not it - does anyone know if Windows 8 could be broadcasting itself across the network as a media device or something??
LVL 12

Assisted Solution

Maclean earned 1000 total points
ID: 40344568
You could logon with a domain admin account. Presuming the device is on the domain.
If you use any management tools such as Kaseya or labtech, you can even create a new local account on the system in question. You could also download psexec to remotely add a user.

Make sure you have psexec.exe on your computer

I put them in my root directory.

Open a command prompt
CD to where the psexec.exe resides

Create user:

psexec \\PCNAME net user xxx ppp /add


Add user to local admin

psexec \\PCNAME net localgroup administrators /add

xxx = username, ppp = password

Accepted Solution

gregcmcse earned 1000 total points
ID: 40345370
Fuzzy:  I mean, you have the switch port narrowed down, it appears.  Disconnect the plugged-in cable from that switch port and plug it into/connect it to a toner/tone detector and trace the cable.  That's if you have no idea where the physical location that network cable goes to is.  Your network wiring guy should be able to do that in a heartbeat.

Again, if you have the MAC address, look it up in any of 20 search results you'll get with the search I mentioned.

Note:  If the device is called "win8-cit_1-" -- chances are it's someone's home laptop they're plugging in to your network.

If you are pretty sure it's a renegade device, create a poisonous DHCP reservation.  What I mean by that is copy the mac address and put it into a DHCP lease.  If the IP address is, make the 03 (Router/default gateway) record as well.  Put a network mask like /31 ( on it as well.  The guy will attempt to connect to the network but not be able to communicate at all with the bad DHCP reservation (well, perhaps with one other system with the adjacent IP address).  Or give it a default gateway on a non-existent subnet.

Once you've done that, one of three things will happen:
1.  The legit user/server owner who bypassed protocol will go to the help desk looking for help.
2.  The fool trying to use his home device secretly will give up.
3.  The tech geek trying to get away with something will change the name of his home device to "blend in" more and will change MAC addresses.

How big is your company?

Author Comment

ID: 40345586
Hi guys, this is all brilliant stuff and Greg's MAC address search idea helped me locate this particular rogue laptop (by chance).  It was an Asus machine which we only have one of, so I went to that location and found the rogue laptop sitting behind it.  I say rogue, it is a legitimate business use laptop but was purchased without my knowledge, which as the IT Systems Manager, I don't like.  I now need to speak with management about the correct process - any tips to load my argument in my favour? - other than a) not being to manage it (which should be enough) and b) it having no AV on it.

Author Closing Comment

ID: 40345587
I was provided some excellent ideas, all of which are very handy for the future and I shall refer back to this regularly.

Expert Comment

ID: 40349338
Hi Fuzzy:

Sure, most companies larger than a couple of dozen employees have an IT policy in place that spells out several things:
- Thou shalt not purchase computer equipment without consulting with End User Computing/IT Management.
- Thou shalt not use computer software that has not been approved by End User Computing/IT Management.
- Thou shalt not connect anything to the corporate networks without gaining the approval of Network/IT Management.

The reasons for these rules are relatively simple:
1. End User Computing/IT can't support every brand of computer out there.  If everyone goes and buys their favorite brand on a whim, it costs the company in lost discounts from bulk-ordering from a single preferred vendor and prevents standardization and uniform computer management.
2. Anti-virus is a must in any company.
3. Undocumented hardware can go missing with company data without anyone knowing about it.
4. IT is ultimately responsible for ensuring software licensing and if software is loaded on an untracked/unmanaged laptop -- the company is liable.

I would be profoundly surprised if you get static attempting to enforce those simple rules -- but if you do, there is your ammo.  Good luck!

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question