# Tracking Down Unknown IP Address



## nsandestin (Jun 28, 2006)

Hi, 

Is there anyway to track down who/what/where an IP Address is connected to by only having the IP address. I know that it can't me physically where but something to tell me what type of device is using it would be very helpful. I just started working for a company and there are a few static IP addresses that no one knows what/who/where they belong to. I tried using LANSurveyor but it wouldn't return any data on the end systems. Besides unplugging them from the switch and waiting for something to crash/someone to scream, does anyone have anyother suggestions on how to track this down?

Also, I used a tracert command and that didn't return anything either...

Thanks for the help!

Noah


----------



## StumpedTechy (Jul 7, 2004)

Try the nbtstat command?
Run SNMP trap on the IP to see if it gives you any information on the device connected?
Try connecting to the IP with a web browser and see if it has any web interface?


----------



## nsandestin (Jun 28, 2006)

No luck....


----------



## mf-tech (Jun 28, 2006)

If you use StumpedTechy's suggestion, using nbtstat -A xxx.xxx.xxx.xxx it will return the machine's name(1st entry) and MAC address(at bottom), that is, if it is a computer. The name may give you a clue to where the device is located. If there is no name then it is most likely a network device. Using the MAC address, you can go to the following website to find the vendor associated with the MAC. http://www.coffer.com/mac_find/ Sometimes knowing the vendor of the network card can point you to the computer.
Hope it works in finding the needles in the haystack.


----------



## Squashman (Apr 4, 2003)

If it is a computer that logs into a Domain on Netware network, you could create a login script that tells you computer name, login name, etc, etc....

I would also run a little program called NBTscan to see what info it comes up with.


----------



## axis77 (Aug 31, 2004)

if this ip is on your local domain or network then why not ping it with -a to see if comes back with a name if its a pc ex. ping -a 192.248.564.54...if its a device like router, switch, or printer well have fun with that....also this company you work for does have a list of all ips being used....


----------



## O111111O (Aug 27, 2005)

Do all of the above, then download nMAP from sourceforge.

nmap -sS -O xxx.xxx.xxx.xxx will tell you what TCP ports it's listening on, attempt OS detection, and if it's a winders machine will tell you what release/hostname/etc.


----------

