Jerry Thompson
asked on
Is that even possible to see a device showing active on the network but is powered off?
We are a small k-12 school with about 150 school devices plus personal staff devices. Students are not allowed on the network.
I have filters activated on the windows 2012 r2 standard server and need to approve and enter the mac address of permitted devices to receive an address from the DHCP server.
I connected to our dd-wrt router and found a few computers using more bandwidth than they should.
One of the computers using too many resources belonged to one of the staff members. I went to see what that person was doing and I found the laptop powered off and plugged into a charging cart. The teacher stated that the laptop had been off for 2-3 hours, yet the dd-wrt >> Status >> LAN >> Active Clients showed the device had over 500 connections to the internet.
Question: Is that even possible to see a device showing active on the network but is powered off? My expectation is NO unless the computer was not truly off.
And I do believe it was powered off. I stood there when she turned it on and booted it up. I double checked the mac address and it did match. The next time I looked at the active devices, the laptop was no longer on the list.
Thank you.
Jerlo
I have filters activated on the windows 2012 r2 standard server and need to approve and enter the mac address of permitted devices to receive an address from the DHCP server.
I connected to our dd-wrt router and found a few computers using more bandwidth than they should.
One of the computers using too many resources belonged to one of the staff members. I went to see what that person was doing and I found the laptop powered off and plugged into a charging cart. The teacher stated that the laptop had been off for 2-3 hours, yet the dd-wrt >> Status >> LAN >> Active Clients showed the device had over 500 connections to the internet.
Question: Is that even possible to see a device showing active on the network but is powered off? My expectation is NO unless the computer was not truly off.
And I do believe it was powered off. I stood there when she turned it on and booted it up. I double checked the mac address and it did match. The next time I looked at the active devices, the laptop was no longer on the list.
Thank you.
Jerlo
Is there any type of Wake On Lan feature enabled on the device. Nic usually stays on when that feature is enabled.
If you are in a school, there is the possibility that one of your more adventurous students has figured out how to MAC spoof, which will get them past your mac filter on the server.
You could potentially confirm by tracing the MAC through the network.
Are you running wireless or hardwired into switches?
If wireless, is the MAC you are seeing identified to the NIC or wNIC?
You could potentially confirm by tracing the MAC through the network.
Are you running wireless or hardwired into switches?
If wireless, is the MAC you are seeing identified to the NIC or wNIC?
Another thought. Filtering your DHCP only restricts what devices are able to grab an address from your server. It doesn't stop someone configuring an IP address manually and connecting to your network. I read your other post and that could be a possible cause of the behavior you are seeing as well.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for your input. It was helpful. I still never really discovered if the device was a sleep or truely off.
Thanks again.
jerlo
Thanks again.
jerlo