| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 108356 | 2010-03-25 07:53:00 | Rogue device on work network | jwil1 (65) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 869904 | 2010-03-25 07:53:00 | Hi guys I rebooted a server today, and when it came up I got an 'IP Address duplicate' error on it and it wouldn't connect to the network (had IP X.X.X.70). I changed the IP to .71 enable network access to/from it. The IP .70 is outside the DHCP scope. I can ping .70, but can't telnet, ssh, or anything else to it, including through Windows' file sharing (\\hostname). I have its IP (obviously) and MAC address, from my ARP cache. That's all unfortunately :( It's not in DHCP, which leads me to think someone deliberately set this IP, and it's not in DNS either. Three things: - How can I find out more info about it? - Can I find out what kind of device it is, and thus access it? - Is there a way to find its hostname (if it's a Windows PC - so I can see if it's a legit device)? Help? :) |
jwil1 (65) | ||
| 869905 | 2010-03-25 08:09:00 | You could block the MAC address and then see who complains. | Jen (38) | ||
| 869906 | 2010-03-25 08:30:00 | Re the last point-- you can try IPScanner (www.eusing.com), you set it to the ip range you are using, and it should give you the IP Address / host name / Mac Address -- Example Part Of my LAN (www.imagef1.net.nz) | wainuitech (129) | ||
| 869907 | 2010-03-25 08:37:00 | What sort of switch do you have? I think some of the fancier ones will tell you which physical port has which IP address and/or MAC address active on it. | somebody (208) | ||
| 869908 | 2010-03-25 08:52:00 | Or try using Wireshark (http://www.wireshark.org/) to try and see what this IP number is doing on the LAN. | johnd (85) | ||
| 869909 | 2010-03-25 09:07:00 | Have you tried putting the IP into a browser and see if it has a web config or similar? Perhaps someone has connected a wireless access point or printer? |
CYaBro (73) | ||
| 1 | |||||