Yann Shukor

Identifying physical device with just an IP

Hi

I'm trying to find a physical device on my client's network; all I have is its IP address
It keeps regularly dropping off

The MAC address (f4-f2-6d-00-a8-6d) apparently corresponds to a TP-Link device
A port scan revealed the following open ports: 135, 139, 445, 8080

I'm not sure how to proceed any further without having to disconnect cables in order to isolate the device
SOLUTION
Mal Osborne
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I guess the better question is: are you trying to identify what the device is, or are you trying to identify its location? My answer was location based, whereas the other responses are more based on what the device is.
Yann Shukor
ASKER

The answer to your question is 'both' since one will lead to the other
That's what I figured. At the end of the day, you'd need to track down the location anyway. I'd work through the switches, but I'd also follow Mal's advice of trying to browse to port 8080 of the device in question. That should let you see a login page of something.

I'm willing to bet whatever IP that device has is conflicting with something else, hence why you see it going on and off the network the way that you do. If you used arp at varying times, you might sometimes end up with a different MAC resulting.
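
The check suggested in the comment above (sampling arp at different times and looking for a changing MAC), as an added example that is not part of the original thread: it parses several Windows `arp -a` captures and reports any IP that resolved to more than one MAC. The captures, the 192.0.2.x addresses and the 02-00-00-... MACs are constructed sample data; only f4-f2-6d-00-a8-6d comes from the question.

```python
import re
from collections import defaultdict

# One entry line of Windows `arp -a` output: IPv4 address, dash-separated MAC.
ARP_LINE = re.compile(
    r"\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\b")

def parse_arp(output):
    """Return {ip: mac} for the unicast entries of one `arp -a` capture."""
    table = {}
    for line in output.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = m.group(1), m.group(2).lower()
        if int(mac[:2], 16) & 1:
            continue  # group bit set: broadcast/multicast, not a device
        table[ip] = mac
    return table

def find_conflicts(snapshots):
    """snapshots: [(label, arp_output)]. Return {ip: {mac: [labels]}} for
    every IP that resolved to more than one MAC across the captures."""
    seen = defaultdict(lambda: defaultdict(list))
    for label, output in snapshots:
        for ip, mac in parse_arp(output).items():
            seen[ip][mac].append(label)
    return {ip: dict(macs) for ip, macs in seen.items() if len(macs) > 1}

def _capture(mac_for_50):
    """Build one constructed `arp -a` capture (sample data, not real output)."""
    return (
        "Interface: 192.0.2.10 --- 0xb\n"
        "  Internet Address      Physical Address      Type\n"
        "  192.0.2.1             02-00-00-00-00-01     dynamic\n"
        f"  192.0.2.50            {mac_for_50}     dynamic\n"
        "  192.0.2.255           ff-ff-ff-ff-ff-ff     static\n")

# Three captures taken a few minutes apart; the middle one shows a second MAC.
SNAPSHOTS = [("09:00", _capture("f4-f2-6d-00-a8-6d")),
             ("09:05", _capture("02-00-00-aa-bb-cc")),
             ("09:10", _capture("f4-f2-6d-00-a8-6d"))]

if __name__ == "__main__":
    for ip, macs in find_conflicts(SNAPSHOTS).items():
        print(f"{ip} resolved to {len(macs)} different MACs:")
        for mac, labels in macs.items():
            print(f"  {mac} seen at {', '.join(labels)}")
```

Each MAC it reports can then be looked up in the switches' MAC address tables to find the port it sits behind.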
First suggestions are always simple ideas that have a chance of being easily implemented and tested. If the first suggestions, the simple ideas, are not successful, then try something else, harder to implement and with less obvious results.

So, I want to make a few points:
- When opening a ticket, why not write what you have already tried, so as not to waste time (for either you or others)?
Getting answers about what you already tried is pointless. If I know what you have already tried I would not suggest trying it.
- Specify the network equipment that is in use, since there can be a device-specific solution (for example, Cisco has Layer 2 Traceroute, which could solve your issue, but it is proprietary technology and the vendor of the devices is unknown).
There can always be some solution for such detection, including creating a DoS attack on that IP address and simply looking at the lights on the switch to see which light changed its blinking rate when the attack started. :)
I guess there can be other solutions too...

Which leads us to another point:
- Simply delete the question if there are no useful suggestions. But I guess that leads us back to: when opening a ticket, write what you have already tried.

:)
Is the IP address that mystery device is using in use by another device? If so, then I would try to disconnect the known device if possible. That should keep the mystery device online, then you can work on tracking it down.