If you have an IP address, how do you find the physical computer?

Sometwo

If you have an IP address of a computer or user that is causing a problem on your network, and you need to find out which physical computer is using that IP address, how do you do it? What's the quickest and most reliable way?
 
You could just hit it with nslookup to get the name of the computer (go to a command prompt and type nslookup 0.0.0.0, where 0.0.0.0 is the actual IP address). This is of course assuming you have a standard naming convention for your computers, by the room name or by the user's name for a single user workstation.
If you need the MAC address, go to a command prompt, ping the IP in question, then do arp -a. It will be listed there in the arp cache.
If you're certain the user is causing problems, you could just dameware the machine, lock it, and wait for them to call. Some people consider this too aggressive, but to me there are situations where it's appropriate.
The latter could not even be an option if this is not an Active Directory environment or if you're not an enterprise admin, domain admin, or admin of the machine in question.
 
Similar to what the previous poster said...

Find the MAC address of the machine in the ARP cache on your switch/switches and it will tell you what port the device is connected to, which should be mapped to a specific port on a patch panel, which in turn should be mapped to a specific physical location within your organization.
 
You can also do a ping -a to get a reverse lookup on the name if it is in DNS. With Active Directory it should be, at least in a Windows Environment.
 
Why not just look in your DNS for the name?

If you do not have a standard in place for naming conventions then that won't help you track down the physical machine.

So, the quickest and most reliable way is to go straight to the network. Your switches will give you the answer to this riddle quicker than any other device...
 
What exactly would you do if the address was being spoofed? Say you were infected by a worm like Slammer and the source address was being spoofed, but there was a constant stream of packets. What commands would you type in a Cisco network device?
 
What exactly would you do if the address was being spoofed? Say you were infected by a worm like Slammer and the source address was being spoofed, but there was a constant stream of packets. What commands would you type in a Cisco network device?
First things first, what you need is switch level access to the network, so you can find out which port the offender is on.

After that, a good map of your location that corresponds to the network ports on your switch should allow you to track them down and nuke 'em.
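The IP-to-MAC-to-switch-port lookup described in the replies above, as an added example that is not from any poster in this thread. It parses Windows `arp -a` output and Cisco IOS `show mac address-table` output; both samples are constructed, and the `uplink_threshold` parameter is a hypothetical heuristic for spotting a port that leads to another switch.

```python
import re

# Constructed sample of Windows `arp -a` output (not from the thread).
ARP_OUTPUT = """\
Interface: 10.1.20.5 --- 0xb
  Internet Address      Physical Address      Type
  10.1.20.1             00-1a-2b-00-00-01     dynamic
  10.1.20.77            00-1A-2B-3C-4D-5E     dynamic
"""

# Constructed sample of Cisco IOS `show mac address-table` output.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    001a.2b00.0001    DYNAMIC     Gi0/48
  20    001a.2b3c.4d5e    DYNAMIC     Gi0/14
  20    001a.2bff.0a10    DYNAMIC     Gi0/48
  20    001a.2bff.0a11    DYNAMIC     Gi0/48
"""

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def mac_for_ip(arp_text, ip):
    """Return the normalized MAC that `arp -a` lists for ip, or None."""
    for line in arp_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == ip:
            return norm_mac(fields[1])
    return None

def locate(mac_table_text, mac, uplink_threshold=3):
    """Return (port, is_probable_uplink) for mac, or None if not learned."""
    rows = []
    for line in mac_table_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0].isdigit():
            rows.append((norm_mac(f[1]), f[3]))
    port = next((p for m, p in rows if m == mac), None)
    if port is None:
        return None
    # Many MACs on one port suggests an uplink: repeat the lookup on the next switch.
    return port, sum(1 for _, p in rows if p == port) >= uplink_threshold
```

When `locate` reports a probable uplink, the device sits behind another switch, so the same lookup has to be repeated there before the port can be matched to a patch panel location.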
 