# Solved: There are unknown IP & Mac Addresses on my network, HELP!



## ladex142 (Jun 7, 2006)

Hello everybody!

I have various unknow Mac addresses on my network, I need help detecting if they are normal/non harmful OR if I've been hacked! I've uploaded a picture of the addresses, the second to the last address is my router's.


----------



## smittygeek4273 (Mar 18, 2011)

is there a wifi module in your router? if so is it encrypted?


----------



## smittygeek4273 (Mar 18, 2011)

download packet trap from cnet to test thier status and figure out their location


----------



## etaf (Oct 2, 2003)

can we have some details of the network and what you have connected - make and models may help

this program will go out a report back all IPs and Mac on the network

*------------------------------------------------------------------------*
* Find all devices on the network *

Free Network Scanner Software 
It will detect all network devices in your network with it's IP and MAC Addresses.
http://www.radmin.com/products/ipscanner/

*------------------------------------------------------------------------*


----------



## ladex142 (Jun 7, 2006)

I downloaded the packet trap and didn't know how to get anything out of it, lol......It's just a home wireless router with 3 laptops connected at most, and I know their IP & MAC addresses. I've been experiencing strange happenings with my connection lately, like getting kicked out of connection to the internet, which I had to reset the router to get that fixed after trying everything that I could! I downloaded Zamzom wireless network tool and I discovered various connections that I don't know of.....


----------



## TerryNet (Mar 23, 2005)

Is your network secured (WPA or WPA2 encryption)? It should be.

What did the radmin program show?


----------



## ladex142 (Jun 7, 2006)

etaf said:


> can we have some details of the network and what you have connected - make and models may help
> 
> this program will go out a report back all IPs and Mac on the network
> 
> ...


IPscanner has not discover the IPs that was discovered by Zamzom tool (which does the same thing as IPscanner), I'll keep scanning to see if something shows up.


----------



## ladex142 (Jun 7, 2006)

TerryNet said:


> Is your network secured (WPA or WPA2 encryption)? It should be.
> 
> What did the radmin program show?


My router only supports up to WPA, which I'm using at the moment. Would you recommend that I get a new router that supports WPA2?


----------



## sludge3000 (Oct 9, 2008)

Have you checked the IP address and MAC of your Router? 
192.168.1.1 - Most likely routers IP address assuming it is using 192.168.1.0 network.
192.168.1.255 - Broadcast address for your home network assuming home network is 192.168.1.0.

224.0.0.22 + 224.0.0.252 - Multicast addresses used by IGMP and LLMNR respectively as explained > http://en.wikipedia.org/wiki/Multicast_address

239.255.255.250 - Multicast address used by SSDP > http://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol

Can I ask what application highlighted these addresses to you? If it was a network scanner I would expect the IP's of your other computers to be on there as well. A screen shot of the full window would be good as the one you provided has cut off the title of the window.


----------



## rodcarty (Mar 23, 2011)

I think those IP addresses and MACs that look foreign are IPv6 numbers.
http://www.coffer.com/mac_find/?string=01:00:5e
If that's a Linksys or similar router (Linksys typically will use the IP address you show) you can get a DHCP client list from it and that's what you should be concerned about as far as other computers sharing your Internet connection.


----------



## ladex142 (Jun 7, 2006)

sludge3000 said:


> Have you checked the IP address and MAC of your Router?
> 192.168.1.1 - Most likely routers IP address assuming it is using 192.168.1.0 network.
> 192.168.1.255 - Broadcast address for your home network assuming home network is 192.168.1.0.
> 
> ...


192.168.1.1 - Yes, it's my router's IP
If the others are not harmful, then it leaves only this IP & MAC unexplained *192.168.1.255 FF-FF-FF-FF-FF-FF*
I used Zamzom Wireless Network Tool


----------



## sludge3000 (Oct 9, 2008)

*192.168.1.255 FF-FF-FF-FF-FF-FF*

As I said in my post, this is the broadcast address for your home network. 
Brief explanation:
Your home network is 192.168.1.0/24 (subnet mask is 255.255.255.0). This means that there are 256 IP addresses available to your home network (192.168.1.0 - 168.168.1.255) however two of these addresses are unusable. 192.168.1.0 is the network number and so cannot be assigned to an individual machine. 192.168.1.255 is the broadcast address for your network which means that any information sent to this address will be received by every computer on the network, and so it also cannot be assigned to an individual machine.

Hope this clears things up and don't forgot to mark this thread as solved if you have no further questions.


----------



## ladex142 (Jun 7, 2006)

sludge3000 said:


> *192.168.1.255 FF-FF-FF-FF-FF-FF*
> 
> As I said in my post, this is the broadcast address for your home network.
> Brief explanation:
> ...


Thanks for clearing things up, but I have one last question. Can you please explain why I keep seeing these two router network, Norton Network Map also keeps showing them......I use a netgear router


----------



## TerryNet (Mar 23, 2005)

WPA (with a strong passphrase) has never been cracked, so there is no need to upgrade to use WPA2.

I've tried that Advanced IP Scanner etaf recommended, and it seems to be pretty fast and accurate.

I'm guessing those two routers that show on your post # 13 attachment are routers whose wireless networks you can detect. Unless and until you connect to them they are not on _your _network. Sometimes in my (Windows 7) Network folder I see a router that is supposedly on my network; but it can't be--its signal is too weak for a connection and I do not know the encryption key.


----------



## ladex142 (Jun 7, 2006)

Okay, I think I can stop worrying now, thanks guys for the help!


----------



## rodcarty (Mar 23, 2011)

ladex142 said:


> I downloaded the packet trap and didn't know how to get anything out of it, lol..


Packet capture programs won't show what's happening on the whole network unless you are using a hub not a switch. A switch will only show you the traffic to and from your computer plus local broadcast traffic.


----------



## rodcarty (Mar 23, 2011)

ladex142 said:


> Thanks for clearing things up, but I have one last question. Can you please explain why I keep seeing these two router network, Norton Network Map also keeps showing them......I use a netgear router


You are seeing neighbors' wireless networks as well as your own. you can safely ignore them.


----------

