I cannot find a device on my network...

M

Merlin

Expert Member
Joined
Jan 18, 2006
Messages
2,793
Reaction score
323
Location
Cape Town, South Africa
Hi all,



I admin' a network for a SME. There is nothing fancy here... Windows 2008 R2 DCs. The PDC is the DHCP server.

IPs 1-10 are Pooled.

Last week I discovered that I was not able to use the IP address .8.

I ran the ARP command and blocked the resulting MAC address and then blocked the IP in our firewall, so that it has no 'net access.

This device has clearly not been rebooted/refreshed, because I am still able to ping .8.

I am unable to access the address via an Admin' share and a Remote Registry check does not reveal any Logged-On users.

Do any of you have any suggestions as to how else I might identify this device, please?

Thank you.



Kind regards,

Nic
 
Run a port scanner... Nmap perhaps, which should help you determine what it is, and what services are running. You should also be able to google the MAC address to determine the manufacturer which should help to narrow it down.
 
Are we talking a sever or desktop or some other device?

What OS ?
 
Thanks chaps. I'll check out Nmap.

I read about that server a few years ago, Sinbad. Crazy stuff.

Necropolis, I have no idea what it using the IP.
 
Try and RDP into it? - Assuming you have admin access.

Then eject the CD tray.
 
Necropolis said:
Are we talking a sever or desktop or some other device?

What OS ?
Click to expand...

LOL... obviously he does not know that yet.


I have a tool called netscan that will give a list of everything on the network.
https://www.softperfect.com/products/networkscanner/

Be careful, it could be an interface on your router. Could also be a virtual machine running on another machine.

Also with the ping... if its high then you know its wifi otherwise its cable. I think you did the right thing though... block it and wait and see who gets back to you.
 
Nerfherder said:
LOL... obviously he does not know that yet.
Click to expand...

Well he did say "I am unable to access the address via an Admin' share and a Remote Registry" - So clearly he knows it is a windows machine...

Thought maybe he had a version from that info above...

Not a stretch of the imagination.
 
trace the network cable to the device the .8 ip is attached to..? i imagine you know which switchport it is connected to..
 
It definitely has nothing to do with the routers and all of our WiFi APs on a different, Pooled range.

The Ping response is low.

It's been a week and I've not heard from any users, hence my frustration. :D
 
Necropolis said:
Well he did say "I am unable to access the address via an Admin' share and a Remote Registry" - So clearly he knows it is a windows machine...

Thought maybe he had a version from that info above...

Not a stretch of the imagination.
Click to expand...

OK missed the share part.
 
I don't know if it is a Windows machine. I've just been going through the steps that I can think of, to try and access the device, Necropolis. :)

The building and network is far too large to trace cables. Also, we inherited a cabling nightmare here (we're outsourced)...
 
Merlin said:
I don't know if it is a Windows machine. I've just been going through the steps that I can think of, to try and access the device, Necropolis. :)

The building and network is far too large to trace cables. Also, we inherited a cabling nightmare here (we're outsourced)...
Click to expand...

No problem them :D Get the outsource partner to sort it :D
 
Sinbad said:
Check for servers bricked up in closed-off wallspaces/closets



http://www.theregister.co.uk/2001/04/12/missing_novell_server_discovered_after/
Click to expand...

Friend of mine at BCX found something like that.

They found a PC in a locked room, it had power and a network cable. Lights on the NIC were flashing so it was on the network and it was doing something. No one knew anything about it and why it was there or for how long. Everyone was too scared to turn it off just in case it was important. Couldn't actually tell what it was connected to either... it just went into a mess of cables.

I have seen similar things at one of the places I worked. Just makes you think, I wonder how many devices like that are out there. Just chilling, long forgotten..
 
I am the outsourced partner. ;)

Greg,

Your WireShark link is a fantastic tool! Thanks.

I have identified the device as a legacy switch. At least I now have an idea of where & what to look for. :)
 
Nerfherder said:
Friend of mine at BCX found something like that.

They found a PC in a locked room, it had power and a network cable. Lights on the NIC were flashing so it was on the network and it was doing something. No one knew anything about it and why it was there or for how long. Everyone was too scared to turn it off just in case it was important. Couldn't actually tell what it was connected to either... it just went into a mess of cables.

I have seen similar things at one of the places I worked. Just makes you think, I wonder how many devices like that are out there. Just chilling, long forgotten..
Click to expand...

I knew a company well into the 2000s that had an archaic 386, stashed away in a dusty room that time forgot. It was functioning as a mail router and the techies were quite content to let it hum away until time got the better of it. I wonder if it is still going...
 
Merlin said:
I am the outsourced partner. ;)

Greg,

Your WireShark link is a fantastic tool! Thanks.

I have identified the device as a legacy switch. At least I now have an idea of where & what to look for. :)
Click to expand...

No problem - glad it helped.

It's helped me track down many a device where people have no idea what it is or where to even start looking.

If its a managed switch try ssh or telnet ing to it. If its unmanaged hopefully you can find a old switch lurking around in the server room.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X