Need to get IP from MAC address...

Status
Not open for further replies.
Jul 9, 2003
This is maddening... every 3 weeks someone turns on a computer with a wrong IP address and kills one important server...

Event Viewer shows... "The system detected an address conflict for IP address 172.18.32.5 with the system having network hardware address 00:01:64:76:95:A8. Network operations on this system may be disrupted as a result."

How can I find the IP address of this stupid computer knowing only its MAC address? I tried arp -a and of course it's not in the table.
 
uh, the IP address is 172.18.32.5
roflmao

But MAC prefix 00:01:64 belongs to a Cisco device.

<marc> i wonder what will happen if i press this...
 
Oops, I meant to say I needed the host name from the IP address. Thanks for the info, how did you know it was a Cisco device?
 
OK, I am really dumb... the host name from the MAC address... :)
 
"This is maddening... every 3 weeks someone turns on a computer with a wrong IP address and kills one important server..."

Use DHCP for the clients. Enforce this. There is not a good security or LAN issue that would necessitate a static IP other than devices such as your CISCO router and your server.

Someone earlier suggested what I thought was a good idea: when you see the message, use NET SEND \\172.18.32.5 Please See Me Immediately. You have to be careful because the occasional device could be nearly anything nowadays: printers, a Wireless Access Point, etc.





 
Is your network switched or shared? If it is switched, then you can track it down right after it happens by digging through switch MAC tables until you find the MAC.

He can tell it is a Cisco device because that mac address has been assigned to Cisco. Here is the OUI record.

00-01-64 (hex) Cisco Systems, Inc.
000164 (base 16) Cisco Systems, Inc.
170 West Tasman Drive - SJA-2
San Jose CA 95134
UNITED STATES


You can look Mac addresses up at:

With that said, check all your Cisco devices for a config that includes the ip address which is problematic and correct the config.

Adam
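
Added example (not from any poster in the thread): the Event Viewer text, the OUI record and a switch MAC table each write the same address differently (colons, hyphens, Cisco-style dotted groups), so this script normalizes them before looking up the vendor and the switch port. The switch table lines, port names, function names and the one-entry OUI dictionary are constructed for illustration.

```python
import re

# The event text is the one quoted in the thread. The switch lines imitate
# a Cisco-style MAC table dump and are constructed sample data.
EVENT = ("The system detected an address conflict for IP address 172.18.32.5 "
         "with the system having network hardware address 00:01:64:76:95:A8.")
MAC_TABLE = """\
   1    0006.2929.0aec    DYNAMIC     Fa0/3
   1    0001.6476.95a8    DYNAMIC     Fa0/12
  10    0200.5e00.5301    DYNAMIC     Gi0/1
"""
# Only the OUI record posted in the thread; extend it from the IEEE registry.
OUI = {"000164": "Cisco Systems, Inc."}

# Matches colon/hyphen pairs (Event Viewer, nbtstat) or dotted groups (switch).
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
                    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b")

def normalize(mac):
    """Return 12 lowercase hex digits for colon, hyphen or dotted notation."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return digits

def parse_conflict(event_text):
    """Extract (ip, normalized mac) from the address-conflict event text."""
    ip = re.search(r"IP address (\d{1,3}(?:\.\d{1,3}){3})", event_text)
    mac = MAC_RE.search(event_text)
    if not ip or not mac:
        raise ValueError("no IP/MAC pair found in event text")
    return ip.group(1), normalize(mac.group(0))

def vendor(mac):
    """Look up the first three octets (the OUI) of the address."""
    return OUI.get(normalize(mac)[:6].upper(), "unknown")

def find_ports(mac, table_text):
    """Return (vlan, port) for every table line whose MAC matches."""
    want, hits = normalize(mac), []
    for line in table_text.splitlines():
        m = MAC_RE.search(line)
        if m and normalize(m.group(0)) == want:
            fields = line.split()
            hits.append((fields[0], fields[-1]))
    return hits

if __name__ == "__main__":
    ip, mac = parse_conflict(EVENT)
    print(ip, mac, vendor(mac), find_ports(mac, MAC_TABLE))
```
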
 
On a Windows box (pref NT or 2000 as I'm not sure this works on W95/W98) start up a command prompt and type

nbtstat -a 172.18.32.5

This will return output similar to below...

Local Area Connection:
Node IpAddress: [192.168.0.150] Scope Id: []

NetBIOS Remote Machine Name Table

Name               Type         Status
---------------------------------------------
PHOBOS         <00>  UNIQUE      Registered
WORKGROUP      <00>  GROUP       Registered
PHOBOS         <20>  UNIQUE      Registered
PHOBOS         <03>  UNIQUE      Registered
WORKGROUP      <1E>  GROUP       Registered
__VMWARE_USER__<03>  UNIQUE      Registered
WORKGROUP      <1D>  UNIQUE      Registered
..__MSBROWSE__.<01>  GROUP       Registered
ADMINISTRATOR  <03>  UNIQUE      Registered

MAC Address = 00-06-29-29-0A-EC

This gives you not only the device name, but also the user name. This will only work if the conflicting device is a Microsoft OS.

If you get no return, try and telnet to it - this eliminates HP Jet Direct boxes and (potentially) Unix based boxes.

It's unlikely that this would be a Novell server as this would not be turned on and off at will.

My only other question would be, why does this device get this IP address? Is it in your DHCP pool, and if so, why? If it is a static IP address on the server, DHCP should not be allowed to give it out to a client.



I have nothing smart to say at this time!
 
You can get the hostname from the IP with ping -a x.x.x.x. You should give servers IPs that are outside of the DHCP scope (range of IP addresses your server hands out to DHCP clients). This will prevent DHCP from handing out the same IP as one of your servers. Usually, the first 25 addresses in a range will not be included in the DHCP scope so they can be used for routers, printers & servers. In addition, use reserved IPs for servers, printers etc.
 