0

Got a weird one here.

I've got an IP address in my subnet that is alive and responds to ping requests, but I can't figure out what device actually live at that address. I've tried a couple of IP scanners that usually list hostnames and open ports / services, I've tried connecting to that address via http, https, telnet, SSH, but nothing responds and I don't have anything in DNS at that address.

We have no records or documentation of any device existing at this address and I'm at a bit of a loss because I need to expand my DHCP range, and this address is in the way.

Anyone know of a better way to interrogate that address to figure out what it is?

Thanks!

EDIT: I don't really see how this is a duplicate since that other question is from a completely different case [He has data from Advanced IP Scanner and I don't, he's using VMs, and I'm not] and that thread also has no answer. But it doesn't really matter because I found the offending device due to some great advice and good utilities in this thread. Thanks everyone!

Improve this question
6
  • Find out the port it's connected to and follow the cable.
    – Seth
    Commented May 5, 2017 at 12:33
  • I'd be okay with that, but my network has like 25 different switches and poor documentation. Any suggestions on how I might go about figuring out where it's plugged in?
    – Catatonic27
    Commented May 5, 2017 at 12:34
  • What is the result if you do ping -a [ip address] ? It will attempt to resolve the ip address to a hostname.
    – LPChip
    Commented May 5, 2017 at 12:42
  • If they're really just dumb switches there isn't much you can do. If they're managed switches you might be able to use some script to ask them for information.
    – Seth
    Commented May 5, 2017 at 12:46
  • 1
    Ping the device by IP address, then do an arp -a from a command line to find out the MAC address. Put the first three octets of the MAC address in Google or an OUI search site and it will tell you the manufacturer of the NIC. It's possible to spoof this info but it may give you a clue.
    – LawrenceC
    Commented May 5, 2017 at 13:02

2 Answers 2

Reset to default
5

Your objective is to find the device which is running in the specific IP address. For this I would recommend you to use nmap. Let's take for an example that the ipaddress is 192.168.1.7 in your network.

  • If you want to know the OS information
    nmap -A 192.168.1.7
  • Search for open port
    • nmap 192.168.1.7

    When you scan for the open port, if any port is open then try to connect with that port (if the port is connectable). Or you can even use the port to get the information through that open port, like:
    nmap -p 80 192.168.1.7
    Here I am using port 80 to scan for the information. You can download nmap from here. There's ports for most of the popular desktop OSes (You've not mentioned what you use), so chances are you can run this on most PCs

    Improve this answer
    8
    • C:\>nmap 'nmap' is not recognized as an internal or external command, operable program or batch file.
      – LPChip
      Commented May 5, 2017 at 12:44
    • 1
      @LPChip nmap is a well known scanner and the OP should know about it if he tried several. You will have to install it and there are Windows ports from what I know.
      – Seth
      Commented May 5, 2017 at 12:45
    • @Seth my point is, that this is a Q&A site. Any software not native to your OS needs a link so someone who finds this post can understand that they need additional software.
      – LPChip
      Commented May 5, 2017 at 12:46
    • So my OS could be Linux? There wasn't a mention anywhere of a OS. In addition I'd have a different opinion on this but this would be more suited for meta or chat.
      – Seth
      Commented May 5, 2017 at 12:50
    • 1
      Good stuff @Prashant Dey. I'm looking into this. nmap is telling me that https and ssh are open on this address but I can't connect to the host with either service.
      – Catatonic27
      Commented May 5, 2017 at 13:11
    0

    [...] my network has like 25 different switches and poor documentation.

    If your network doesn't need to be up 24/24: Unplug stuff from switches until you cannot longer ping the device in question. Follow the cable you just unplugged, rinse and repeat. While you are at it, make some notes so documentation gradually improves.

    Improve this answer

    Not the answer you're looking for? Browse other questions tagged .