Finding particular computer on the network

Status
Not open for further replies.

sharapov

MIS
May 28, 2002
106
0
0
US
Hello,

We have about 200 computers that get their IP addresses via DHCP. All computers have randomly assigned names during initial installation. I recently noticed that one of the computers on the network is hogging several DHCP IP addresses. How can I find that computer? Can I make the network card's lights blink on the affected machine or something? :) Any ideas?
 
Easier way: you know the MAC address from DHCP, so if your switches are manageable (I assume they are), find the MAC address on the switches.

 
308win,

Thank you for your reply. I can find the MAC address, but I really need to find that computer. I think some sort of malicious software is running on it. Any other ideas?

Thanks.
 
Where are you finding the MAC address? Your DHCP server or the switch?

1.) Are your switches manageable? If so, get a console session and look up the offensive MAC address. It will be assigned to a port. On a Cisco device the command is sho mac. On switches with HTTP interfaces you find the menu option for port addresses. If the port that the MAC address appears on is also the port that is cross-connected to another switch, move on to the next switch and repeat the process. Identifying the port will lead you directly to the machine. Depending on the switches that you use, you can also deny access to that MAC address, and pretty soon you would assume someone will start complaining about their access. (Or block the IP addresses at your router/firewall and wait for the complaint.)
2.) If you have a RAS or some kind of dial-in server, it is very possible that that server is obtaining multiple addresses in proxy for the dial-in clients and you have no problem.
3.) Another giveaway as to the identity would be to check the ARP table on your router. See if the MAC address appears with any other IP addresses outside of what your DHCP range is. If it is a dialup/RAS server, I would imagine that the device also has a static IP address which could be identified in the ARP table. (That assumes that the server is in the router's ARP cache.)
4.) And a last idea, I don't know if it is possible with DHCP, but can you reserve an invalid IP address for that MAC address and then sit back and wait for the user to complain?
 
Shut off the port or unplug the device on your switch. You'll get a call from whoever it is that can't use it. Believe me, this works very well. If you suspect there is a virus or malicious software on that device you don't want it attached to your network anyway...
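
The switch-by-switch lookup described in this thread, as an added example that is not from any of the posters: it finds MAC addresses holding several DHCP leases, then follows each one through the MAC address tables until it lands on a port that is not an inter-switch link. The lease list, the table dumps (Cisco IOS column layout), the switch names and the `UPLINKS` map are all constructed sample data and assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the thread): DHCP leases as (ip, mac).
LEASES = [("10.0.0.21", "00:11:22:33:44:55"), ("10.0.0.22", "00-11-22-33-44-55"),
          ("10.0.0.23", "0011.2233.4455"), ("10.0.0.30", "00:aa:bb:cc:dd:01")]
# Constructed MAC-table dumps in Cisco IOS column layout, one per switch.
MAC_TABLES = {
    "core": """Vlan    Mac Address       Type        Ports
   1    0011.2233.4455    DYNAMIC     Gi0/24
   1    00aa.bbcc.dd01    DYNAMIC     Gi0/3""",
    "access1": """Vlan    Mac Address       Type        Ports
   1    0011.2233.4455    DYNAMIC     Fa0/7
   1    00aa.bbcc.dd01    DYNAMIC     Gi0/1""",
}
# Assumed topology: (switch, port) -> switch cross-connected on that port.
UPLINKS = {("core", "Gi0/24"): "access1", ("access1", "Gi0/1"): "core"}

def norm(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def multi_lease_macs(leases, threshold=2):
    """Return {mac: [ips]} for every MAC holding at least `threshold` leases."""
    by_mac = defaultdict(set)
    for ip, mac in leases:
        by_mac[norm(mac)].add(ip)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) >= threshold}

def parse_table(text):
    """Map each learned MAC to its port; the header line does not match."""
    rows = re.findall(r"^\s*\d+\s+([0-9a-fA-F.]{14})\s+\S+\s+(\S+)\s*$", text, re.M)
    return {norm(mac): port for mac, port in rows}

def trace(mac, start, tables=MAC_TABLES, uplinks=UPLINKS):
    """Hop switch to switch until the MAC sits on a port that is not an uplink."""
    switch, path, seen = start, [], set()
    while switch not in seen:              # guard against topology loops
        seen.add(switch)
        port = parse_table(tables[switch]).get(norm(mac))
        if port is None:                   # entry aged out or never learned
            return path, None
        path.append((switch, port))
        if (switch, port) not in uplinks:  # edge port: the machine is here
            return path, (switch, port)
        switch = uplinks[(switch, port)]
    return path, None

if __name__ == "__main__":
    for mac, ips in multi_lease_macs(LEASES).items():
        print(mac, ips, trace(mac, "core"))
```

A `None` edge result means the entry has aged out of a table along the way, so the trace should be repeated while the machine is still generating traffic.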
 