Find Hostname when NSLOOKUP fails

[StarTrek4U]

So I've run in to a bit of a problem. I've inherited a network that has over 250 nodes on it, and it basically completely flat and un-managed.

I'm working on sorting out this mess however I've run into a snag, I've got a number of hosts which will respond to ping requests, however they will not return any Hostname or NetBIOS information which makes it rather hard to determine what/where they are. I'm wondering if anyone knows of any tools out there which may assist me in this as my searching so far as turned up pretty much nothing.

Thanks in advance

 

[da sponge]

Connect to the windows PCs through WMI and get the hostname. I don't know exact syntax and details off the top of my head, but it's no more than 20 lines of vbscript.

 

[StarTrek4U]

Connect to the windows PCs through WMI and get the hostname. I don't know exact syntax and details off the top of my head, but it's no more than 20 lines of vbscript.

Chances are good that it isn't even a PC, we have network printers, IP Phones, etc all on the same subnet. All of our PCs register with DNS since they get their addresses via DHCP anyway.

 

[Xipher]

Have you tried using nmap to attempt OS/Service detection? Might give you a better idea of what the hosts are.

 

[da sponge]

Are your switches managed? My old catalyst had the l2trace command - put in an source and destination ip and it would map the route to a physical port. From there you can track that down to the patch panel, which is hopefully labeled nmap is a good bet as well.

 

[StarTrek4U]

Are your switches managed?

If you read the first line of the original post you'll notice that they are not.

I'll have to give nmap a closer look, I was hoping for more of a utility vs a full blown app but maybe I'm not that lucky

 

[da sponge]

If you read the first line of the original post you'll notice that they are not.

I'll have to give nmap a closer look, I was hoping for more of a utility vs a full blown app but maybe I'm not that lucky

I took that to mean there are not controls, no documentation of the network in general - it wasn't completely clear from the context, which is why I asked.

 

[k1pp3r]

Ping -a <IP address>

Or use a network scan tool by softperfect to scan the entire subnet.

 

[StarTrek4U]

I took that to mean there are not controls, no documentation of the network in general

Yeah there's none of that stuff either

I guess sorting this mess out means I've got some job security for awhile however, lol

 

[jpochedl]

NMAP is going to get you a good start... You can use it to scan the entire range of IP addresses your DHCP server hands out...
Use the OS detection option (-O), and at least you'll have a fair chance of figuring out what each device is... Once you know what it is, then you can work on where it is...

IP Phones should be fairly easy to figure out, as they should all have their IP and/or MAC addresses registered with the IP PBX... Printers too, should be registered with their print server (unless clients are connecting directly, but then just pick a couple clients and look at the IP addresses the printers are connected to)... Printers and IP phones are generally easy to figure out where they are, it's the other, odd or rogue devices that are sometimes more difficult to figure out.

Don't forget to redirect the output of NMAP to a text file so you can plow through it at your leisure.

Oh, and don't forget a simple ping sweep will reveal all the MAC addresses (arp -a under windows)... You can get the manufacturer of a device (NIC) simply from the MAC address. http://standards.ieee.org/regauth/oui/oui.txt