TOPIC: identify a machine

identify a machine 8 years 11 months ago #24374

  • venusdoom
  • New Member
  • Posts: 1
  • Karma: 0
Hi,

I'm a newbie in networking. I received a case where I need to locate a machine (with a given IP address). This machine performed queries toward our cluster nodes, which affects the nodes' performance. I need to locate the IP before disconnecting the machine from accessing the network. The thing is, when I did a simple ping, it's unreachable/request timed out. I used an IP locator, but it was unable to locate the address.

Re: identify a machine 8 years 11 months ago #24389

  • Smurf
  • Moderator
  • Posts: 1390
  • Karma: 1
Sounds like the IP address may be spoofed. I am guessing that the address is coming from a subnet within your network? Where are you noticing the address (i.e. is it on a device on the same subnet)?

If it's on the same subnet, look at the ARP cache on that machine to try and identify the MAC address. It may be that this hasn't been spoofed and can help to identify the host in question using the Datalink Layer address.

If the address is from a routed subnet, you will need to locate your Next Hop Gateway on that subnet where the rogue IP address is coming from and check the ARP cache on that to try and identify it.

If it isn't showing up, then it may be being spoofed from a host on a completely different subnet. If that's the case, you can add access-lists to ensure that spoofed traffic cannot come from other subnets to try and help mitigate (a little) from this.

i.e. if you have a subnet 192.168.0.0/16, on the router attached to this subnet you could have a few access lists to block traffic from anything other than this address range. It may be a little OTT on the internal network, but this practice should be applied on the Ingress/Egress of your Internet-facing firewall/router. It's known as RFC1918 filtering.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: identify a machine 8 years 11 months ago #24400

  • GTM
  • Frequent Member
  • Posts: 77
  • Karma: 0
I'm quite new to this myself, so if this is useless info to you, sorry :) One thing I would do if I cannot route to a particular host would be to add a static route on the machine I'm pinging from, or RDP onto a box I know can access all areas of our network, say for example a DNS or DHCP server, and try the connection from there.

Re: identify a machine 8 years 11 months ago #24537

  • ramasamy
  • Frequent Member
  • Posts: 67
  • Karma: 0
Hi,

If the IP address is in your LAN segment, then place the system on the same segment and try to ping the IP address, even though you are not getting the reply.

Then execute the command arp -a in the command prompt.

You will get the MAC address of that system.

Log in to your core switch and execute the command

show mac-address-table | include 000e.d861.2b27 (the MAC address which you got)

You can see the entry on the trunk interface. Check which access switch is connected to that port and execute the same command on the access switch.

Now you will get the port to which the system is connected, and you can shut down the port.
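
The arp -a and switch lookup steps above, as an added example that is not part of the original post: a Python script that pulls the MAC cached for one IP out of saved arp -a output (Windows or Unix-style), returns nothing for unresolved or broadcast entries, and builds the switch command in the dotted format the post uses. The sample ARP output, the IP addresses and the function names are constructed for illustration; only 000e.d861.2b27 and the show command come from the thread.

```python
import re

# Constructed sample output (not from the original thread): Windows `arp -a`
# lines followed by two Unix-style lines, one of them unresolved.
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.50          00-0e-d8-61-2b-27     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
? (192.168.1.5) at 0:e:d8:61:2b:99 [ether] on eth0
? (192.168.1.77) at <incomplete> on eth0
"""

MAC_RE = re.compile(r"^[0-9a-f]{1,2}([:-][0-9a-f]{1,2}){5}$", re.I)


def to_cisco(mac):
    """Convert 00-0e-d8-61-2b-27 or 0:e:d8:61:2b:27 to Cisco 000e.d861.2b27."""
    octets = [o.zfill(2).lower() for o in re.split(r"[:-]", mac)]
    digits = "".join(octets)
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def find_mac(arp_output, ip):
    """Return the MAC cached for exactly `ip`, or None if absent/unresolved."""
    for line in arp_output.splitlines():
        tokens = [t.strip("()") for t in line.split()]
        if ip not in tokens:          # exact token match: .5 must not hit .50
            continue
        for tok in tokens:
            if MAC_RE.match(tok):
                return to_cisco(tok)
        # Entry exists but has no MAC (e.g. "<incomplete>"): no ARP reply seen.
    return None


def switch_command(arp_output, ip):
    """Build the switch lookup from the thread for the MAC cached for `ip`."""
    mac = find_mac(arp_output, ip)
    if mac is None or mac == "ffff.ffff.ffff":   # unresolved, or broadcast entry
        return None
    return "show mac-address-table | include " + mac


if __name__ == "__main__":
    for ip in ("192.168.1.50", "192.168.1.5", "192.168.1.77"):
        print(ip, "->", switch_command(SAMPLE_ARP, ip))
```

A result of None for an address on the local segment means no host answered ARP for it, which is consistent with the spoofed-address case raised earlier in the thread.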

Re: identify a machine 8 years 11 months ago #24655

  • Mirghani
  • New Member
  • Posts: 2
  • Karma: 0
If you have a good naming system for your computers in the network, you can use ping -a to identify the computer name.