How to find physical location of network device

Surely this has been asked before.  I have identified some devices on my network, they would be physically plugged in to our network.  I need to find out where they are physically located.  I use Spiceworks to inventory my network and all those it can identify, it tells me which switch they are connected to - which is great, but some devices cannot be identified, I get a host name and an IP address and from these, I can also get a MAC address (from DHCP server).

I know our switches show mac addresses (Netgear GS724T) but even though I found a MAC address I was trying to identify, it simply showed port l1 - which means nothing to me.

Has anyone got any other ideas?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

One of the dirty way that my colleague used was in a scenario with multiple buildings and multiple switches, login to the managed switch and shutdown the uplink port to those switches which you can't find, the users connected to it will surely call help desk, this way we can't pinpoint but at least we can search in area nearby :-)
fuzzyfreakAuthor Commented:
Ha ha, unfortunately this is not a practical solution.
Right :-)
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

You can disconnect the device in question from your switch and either trace the wire with a probe or just wait to see who notices.  This probably isn't a good idea if you think the device might be important -- but if you think it's a rogue device and have accounted for everything important, it's not a terrible strategy.

One other thought is that you can run a port scan against that IP address and see what ports it is listening on.  That will at least tell you what type of device it is.  You can also attempt to look up the MAC address on any of a number of sites.  Several sites can be found easily with a Google search for "mac address lookup".  The IEEE and Wireshark sites would be highly authoritative.
MacleanSystem EngineerCommented:
If its a computer remote into it, and crank up some sounds on it on high volume if it has speakers ;) But that won't help with switches and all that.
You could try running netscan including the oobe.txt file to identify vendors etc of the appliance, which could help in identifying whether it is a dell, apc, Konica, or other brand.
You could than either log into the device via SSH, http, RDP or whatever it supports, and get some more info to assist in identifying it. But physical location is harder with unmanaged switches. Normally on a managed switch I would look at which port the device is connected to on the switch. From there you trace the lead back to the patch rack, and on the patch rack you check which outlet is marked on it. You then walk to the location in your business with that outlet number on it, and that should do it.
fuzzyfreakAuthor Commented:
You can disconnect the device in question from your switch
what do you mean?
Maclean - you cannot remote to a computer without knowing the passwords.
I am sure Spiceworks is telling em everything it knows about these devices.
One in particular is named win8-cit_1- it is a windows machine and we only have one Win8 machine but this is not it - does anyone know if Windows 8 could be broadcasting itself across the network as a media device or something??
MacleanSystem EngineerCommented:
You could logon with a domain admin account. Presuming the device is on the domain.
If you use any management tools such as Kaseya or labtech, you can even create a new local account on the system in question. You could also download psexec to remotely add a user.

Make sure you have psexec.exe on your computer

I put them in my root directory.

Open a command prompt
CD to where the psexec.exe resides

Create user:

psexec \\PCNAME net user xxx ppp /add


Add user to local admin

psexec \\PCNAME net localgroup administrators /add

xxx = username, ppp = password
Fuzzy:  I mean, you have the switch port narrowed down, it appears.  Disconnect the plugged-in cable from that switch port and plug it into/connect it to a toner/tone detector and trace the cable.  That's if you have no idea where the physical location that network cable goes to is.  Your network wiring guy should be able to do that in a heartbeat.

Again, if you have the MAC address, look it up in any of 20 search results you'll get with the search I mentioned.

Note:  If the device is called "win8-cit_1-" -- chances are it's someone's home laptop they're plugging in to your network.

If you are pretty sure it's a renegade device, create a poisonous DHCP reservation.  What I mean by that is copy the mac address and put it into a DHCP lease.  If the IP address is, make the 03 (Router/default gateway) record as well.  Put a network mask like /31 ( on it as well.  The guy will attempt to connect to the network but not be able to communicate at all with the bad DHCP reservation (well, perhaps with one other system with the adjacent IP address).  Or give it a default gateway on a non-existent subnet.

Once you've done that, one of three things will happen:
1.  The legit user/server owner who bypassed protocol will go to the help desk looking for help.
2.  The fool trying to use his home device secretly will give up.
3.  The tech geek trying to get away with something will change the name of his home device to "blend in" more and will change MAC addresses.

How big is your company?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
fuzzyfreakAuthor Commented:
Hi guys, this is all brilliant stuff and Greg's MAC address search idea helped me locate this particular rogue laptop (by chance).  It was an Asus machine which we only have one of, so I went to that location and found the rogue laptop sitting behind it.  I say rogue, it is a legitimate business use laptop but was purchased without my knowledge, which as the IT Systems Manager, I don't like.  I now need to speak with management about the correct process - any tips to load my argument in my favour? - other than a) not being to manage it (which should be enough) and b) it having no AV on it.
fuzzyfreakAuthor Commented:
I was provided some excellent ideas, all of which are very handy for the future and I shall refer back to this regularly.
Hi Fuzzy:

Sure, most companies larger than a couple of dozen employees have an IT policy in place that spells out several things:
- Thou shalt not purchase computer equipment without consulting with End User Computing/IT Management.
- Thou shalt not use computer software that has not been approved by End User Computing/IT Management.
- Thou shalt not connect anything to the corporate networks without gaining the approval of Network/IT Management.

The reasons for these rules are relatively simple:
1. End User Computing/IT can't support every brand of computer out there.  If everyone goes and buys their favorite brand on a whim, it costs the company in lost discounts from bulk-ordering from a single preferred vendor and prevents standardization and uniform computer management.
2. Anti-virus is a must in any company.
3. Undocumented hardware can go missing with company data without anyone knowing about it.
4. IT is ultimately responsible for ensuring software licensing and if software is loaded on an untracked/unmanaged laptop -- the company is liable.

I would be profoundly surprised if you get static attempting to enforce those simple rules -- but if you do, there is your ammo.  Good luck!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.