Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to determine which IP address goes to which device? 1

Status
Not open for further replies.

wahnula

Technical User
Jun 26, 2005
4,158
US
Hello to the gang,

Here's an easy one for you...I have been receiving a lot of Critical Errors regarding failed logons in my daily report the last few days, looking like this:

Code:
  Source:Security   Event ID:537   Last Occurrence:5/31/2007 11:34 AM   Total Occurrences:11 * 
Logon Failure: 
  Reason: An error occurred during logon 
  User Name:   
  Domain:   
  Logon Type: 3 
  Logon Process: Kerberos 
  Authentication Package: Kerberos 
  Workstation Name: - 
  Status code: 0xC000006D 
  Substatus code: 0xC0000133 
  Caller User Name: - 
  Caller Domain: - 
  Caller Logon ID: - 
  Caller Process ID: - 
  Transited Services: - 
  Source Network Address: 192.168.16.19 
  Source Port: 1528

I would like to know where this is originating. In my Usage Report, this is the sixth-highest device. It does not have a username, so it must be either one of two WAPs (encrypted, WEP 13-digit) the gigabit switch, or a small network hub. It is not the IP address assigned to either network printer. Most likely it is one of the WAPs.

Research into the Event ID is failed logon (duh) or a possible time conflict, inquiring minds want to know exactly which device is causing the error.

Is there a way within SBS to determine which IP address goes to which device? I know I could unplug each device and then pull a usage report, but I don't want to waste time nor take down any part of the network. I also know this is not a source for worry, but if one of my WAPs is getting pinged I would like to know who's doing it.

Thanks as always.

Tony
 
Is the address part of your DHCP range? If so check the DHCP snap-in to see the assignment.

You could also try a PING -A on that address to try and get a host name back.

IPCONFIG /ALL on the server will list all the NICS ont he server and their IPs.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Is the address part of your DHCP range?

Yes

I did the ping -a...it's my machine's IP address today, but I (and my PC) was not connected to the network over the holiday weekend and I took my PC home last night and did not check OWA nor logon until this morning. I guess it is the next address in line, and once I disconnect, any new device that joins the network gets it. Thanks for the info on the DHCP snapin.

Tony

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top