
DHCP issue knowing MAC and IP


DrB0b

IS-IT--Management
May 19, 2011
1,432
US
Hi this is a bit difficult to put into words but hopefully I can make sense enough.

We have DHCP set up split between two 08 boxes 50/50. The last couple of days I have noticed an IP handed out to a user that has no Name. I can see its MAC but without having any idea what type of device it is, I have no way of tracking it down. I've done an ipconfig /all on all the servers and any PCs running virtual software and can't find anything with that MAC or having requested that IP. When I add it to the Deny Filter and remove it from the DHCP list, no one comes running saying something can't access the network or wireless. Basically I would like to know what this device is, if there is any way to do so, or track it down if it is in the plant to ID it. We have iPhones and Droids in the building but they all come up as Bobs-iphone.domain.com so they are easy to ID. I've gone to every oddball PC we have in house and can't find it, and our wifi is password protected with a very good password. The only laptop not in the domain on the network is mine.

Any ideas on how to track this down? I want to know if I need to blacklist this MAC if it is coming from the outside or if there is a way to figure out what device it is. Tried a nbtstat -a and nothing shows.

"You don't know what you got, till it's gone..
80's hair band Cinderella or ode to data backups???
 
I've enabled the MAC again and it acquired an IP. I checked both our wireless switches and neither shows that IP being pushed by them, so this would have to be a physically attached device then, correct? Physically logging into each and every switch will be a PITA but I guess I will start doing that until I hear a better idea.

"You don't know what you got, till it's gone..
80's hair band Cinderella or ode to data backups???
 
The router immediately after the gateway doesn't show an active internet connection out for that IP so I don't think it is a threat from the outside.

"You don't know what you got, till it's gone..
80's hair band Cinderella or ode to data backups???
 
There are quite a few online sites that let you type in a MAC address and respond with the manufacturer (Google "lookup device by MAC address").

While it won't give you the exact device, it might give you a clue.
 
I assume you aren't still in the dark ages and have switches in your network whose MAC forwarding (bridge) tables you can interrogate? If so, simply look for where that MAC address is, locate the switch and wiring socket and you have the culprit. If it's a wireless device it's obviously more difficult; however, you 'should' really have separate VLANs/subnets for your wired and wireless access, so you should be able to tell from the IP address whether it's on a wireless or wired network.

Andy
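
The two suggestions above (vendor prefix lookup and searching switch forwarding tables) can be scripted against saved switch output. The following is an added example, not part of the original thread: the function names are hypothetical, the table layout ("VLAN MAC TYPE PORT") is an assumption that varies by switch vendor, and the MAC addresses are constructed from the RFC 7042 documentation range.

```python
import re
from collections import Counter

def normalize_mac(text):
    """12 lowercase hex digits, or None. Accepts the DHCP console form
    (00-00-5E-00-53-1A), colon form, and dotted switch form (0000.5e00.531a)."""
    digits = re.sub(r"[-:.]", "", text.strip().lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def oui(mac):
    """First three octets of a valid MAC: the prefix vendor lookups key on."""
    m = normalize_mac(mac)
    return "-".join(m[i:i + 2] for i in (0, 2, 4)).upper()

def is_locally_administered(mac):
    """True if the U/L bit (0x02 of the first octet) is set. Such addresses
    are assigned by software (some virtual NICs, randomized Wi-Fi MACs),
    so a vendor lookup will not identify the hardware."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def parse_table(text):
    """Yield (vlan, mac, port) from lines shaped 'VLAN MAC TYPE PORT'."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and normalize_mac(fields[1]):
            yield fields[0], normalize_mac(fields[1]), fields[-1]

def locate(table_text, mac):
    """Return [(port, vlan, macs_on_port)] for mac in one switch's table.
    A port that has learned several MACs is an uplink: repeat the search on
    the switch behind it. A port with one MAC is where the device plugs in."""
    rows = list(parse_table(table_text))
    per_port = Counter(port for _, _, port in rows)
    target = normalize_mac(mac)
    return [(port, vlan, per_port[port]) for vlan, m, port in rows if m == target]

# Constructed sample output from two switches (assumed layout).
CORE_SWITCH = """\
Vlan    Mac Address       Type        Ports
  10    0000.5e00.531a    DYNAMIC     Gi1/0/24
  10    0000.5e00.5320    DYNAMIC     Gi1/0/24
  10    0000.5e00.5321    DYNAMIC     Gi1/0/24
  10    0000.5e00.5330    DYNAMIC     Gi1/0/3
"""
EDGE_SWITCH = """\
  10    0000.5e00.531a    DYNAMIC     Fa0/7
  10    0000.5e00.5320    DYNAMIC     Fa0/8
"""

if __name__ == "__main__":
    for name, table in (("core", CORE_SWITCH), ("edge", EDGE_SWITCH)):
        print(name, locate(table, "00-00-5E-00-53-1A"))
```

If `is_locally_administered` returns True for the unknown MAC, skip the vendor lookup and go straight to the forwarding tables.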
 