Jump to content

DHCP Mystery (192.168.1.5)


lost9999

Recommended Posts

at cmd type nslookup

type set q=ptr

type 192.168.1.5

theres your answer :) hopefully

ping -a does do a ptr lookup on the IP address. He stated that didn't work, hence 192.168.1.5 doesn't have a ptr (or a forward A) record.

I ran the commands and got this message "serverFQDN cant find 5.1.168.192. in-addr.arpa.: Non-existant domain"

Link to comment
Share on other sites


Why you don't try using Netscan (FREEWARE):

http://www.softperfect.com/products/networkscanner/

it will list everything in your local network and allow you to connect to each found IP with a number of protocols.

jaclaz

I did run that scanner. It found the .5 address. However, I couldnt open as a page, telnet, see a mac address or anything associated with it. It looked promising when I did the scan but didnt help me with this .5 IP.

Link to comment
Share on other sites

I did run that scanner. It found the .5 address. However, I couldnt open as a page, telnet, see a mac address or anything associated with it. It looked promising when I did the scan but didnt help me with this .5 IP.
Wow - that's pretty locked down. Could it be a switch or router, or some other sort of network equipment?
Link to comment
Share on other sites

ok its a long shot but here is what i would do if i really couldnt get onto the device,

1) stay late one night

2) start a constant ping to that IP

3) socket by socket, switch off all of the electrical equipment in the building and see if that ping holds up

4) when it doesnt you may be a little closer to finding out what it is lol

:)

Link to comment
Share on other sites

  • 1 year later...

Well, if you have Cisco switches, you can find out what port certain MAC addresses belong to - assuming you do know the valid MAC addresses of the other IPs on the network, you could just look for any unknowns in the list. Just use the command show mac-address-table from the switch's IOS console. You could also use switchminer or NeDi to map out the network as well (both open-source apps that are free as in beer).

Link to comment
Share on other sites

Here's how I'd do it.

Use Active Directory to find out each person's username. (this assumes you know who works in your organisation...)

Then look on the server for that person's username in the 'security' log in the eventviewer, for when their machine logged onto the domain. The logs should tell you the IP address they currently have in the DHCP lease.

You can then get onto the machine by going \\ipaddress\c$

If this wasn't what you were looking for, apologies. I used that process recently to get onto someone's computer after receiving a report of suspicious internet activity. I needed to investigate it unknown to them so I had to find out how to get onto the machine without them knowing, using just what I had on the server. The above method starting with AD finally gets you there.

Link to comment
Share on other sites

You could get a mac address by pinging it, then doing an arp -a.

do a lookup on the vendor ID of the mac. This will give you an idea of what brand the product is, and probably narrow your search a bit more.

that will just give the vendor of the NIC, which is not always the vendor of the product.

Link to comment
Share on other sites

You could get a mac address by pinging it, then doing an arp -a.

do a lookup on the vendor ID of the mac. This will give you an idea of what brand the product is, and probably narrow your search a bit more.

that will just give the vendor of the NIC, which is not always the vendor of the product.

Agreed, hence finding out what switch port it's on removes some of that ambiguity assuming it's wired to the network. Just follow the patch cable.

Link to comment
Share on other sites

Lock nmap on that IP address full port and service sweep make it so. :w00t:

jean-luc-picard.gif

Also was going to suggest looking into the MAC Vendor ID, I recently did that to identify a cell phone on a wireless network.

Another thing I've seen people do is arp spoofing, not a fan of it though...

This is why I like 802.1x :ph34r:

Link to comment
Share on other sites

  • 6 months later...
Hey sorry dude but thats my IP address? how did you get it anyway? and what do you want? I dont use someone elses Wifi. i have my own.

If you mean the script in gamehead200's signature, relax, as nobody else apart from you can see it. It is a script from danasoft.com, have a look and you will understand :) And welcome to THE forums :hello:

Link to comment
Share on other sites

How come no one said to search for that IP in the DHCP logs?

Also, you could also set a reservation for that IP, and assign it to a known PC or a false hardware address. Then wait for something to stop working. Of course, if its a static IP set somewhere, or if its a hardware device, you could end up taking down your email or internet access, or firewall or whatever else.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...