lost9999 Posted March 1, 2008 Author Posted March 1, 2008 at cmd type nslookuptype set q=ptrtype 192.168.1.5theres your answer hopefullyping -a does do a ptr lookup on the IP address. He stated that didn't work, hence 192.168.1.5 doesn't have a ptr (or a forward A) record.I ran the commands and got this message "serverFQDN cant find 5.1.168.192. in-addr.arpa.: Non-existant domain"
jaclaz Posted March 1, 2008 Posted March 1, 2008 Why you don't try using Netscan (FREEWARE):http://www.softperfect.com/products/networkscanner/it will list everything in your local network and allow you to connect to each found IP with a number of protocols.jaclaz
lost9999 Posted March 1, 2008 Author Posted March 1, 2008 Why you don't try using Netscan (FREEWARE):http://www.softperfect.com/products/networkscanner/it will list everything in your local network and allow you to connect to each found IP with a number of protocols.jaclazI did run that scanner. It found the .5 address. However, I couldnt open as a page, telnet, see a mac address or anything associated with it. It looked promising when I did the scan but didnt help me with this .5 IP.
cluberti Posted March 1, 2008 Posted March 1, 2008 I did run that scanner. It found the .5 address. However, I couldnt open as a page, telnet, see a mac address or anything associated with it. It looked promising when I did the scan but didnt help me with this .5 IP.Wow - that's pretty locked down. Could it be a switch or router, or some other sort of network equipment?
eyeball Posted March 2, 2008 Posted March 2, 2008 ok its a long shot but here is what i would do if i really couldnt get onto the device,1) stay late one night2) start a constant ping to that IP3) socket by socket, switch off all of the electrical equipment in the building and see if that ping holds up4) when it doesnt you may be a little closer to finding out what it is lol
cluberti Posted May 26, 2009 Posted May 26, 2009 Well, if you have Cisco switches, you can find out what port certain MAC addresses belong to - assuming you do know the valid MAC addresses of the other IPs on the network, you could just look for any unknowns in the list. Just use the command show mac-address-table from the switch's IOS console. You could also use switchminer or NeDi to map out the network as well (both open-source apps that are free as in beer).
JustinStacey.x Posted May 27, 2009 Posted May 27, 2009 Here's how I'd do it.Use Active Directory to find out each person's username. (this assumes you know who works in your organisation...)Then look on the server for that person's username in the 'security' log in the eventviewer, for when their machine logged onto the domain. The logs should tell you the IP address they currently have in the DHCP lease.You can then get onto the machine by going \\ipaddress\c$If this wasn't what you were looking for, apologies. I used that process recently to get onto someone's computer after receiving a report of suspicious internet activity. I needed to investigate it unknown to them so I had to find out how to get onto the machine without them knowing, using just what I had on the server. The above method starting with AD finally gets you there.
luke.mccormick Posted May 27, 2009 Posted May 27, 2009 You could get a mac address by pinging it, then doing an arp -a.do a lookup on the vendor ID of the mac. This will give you an idea of what brand the product is, and probably narrow your search a bit more.
rendrag Posted May 29, 2009 Posted May 29, 2009 You could get a mac address by pinging it, then doing an arp -a.do a lookup on the vendor ID of the mac. This will give you an idea of what brand the product is, and probably narrow your search a bit more.that will just give the vendor of the NIC, which is not always the vendor of the product.
cluberti Posted May 29, 2009 Posted May 29, 2009 You could get a mac address by pinging it, then doing an arp -a.do a lookup on the vendor ID of the mac. This will give you an idea of what brand the product is, and probably narrow your search a bit more.that will just give the vendor of the NIC, which is not always the vendor of the product.Agreed, hence finding out what switch port it's on removes some of that ambiguity assuming it's wired to the network. Just follow the patch cable.
DigeratiPrime Posted May 30, 2009 Posted May 30, 2009 Lock nmap on that IP address full port and service sweep make it so. Also was going to suggest looking into the MAC Vendor ID, I recently did that to identify a cell phone on a wireless network.Another thing I've seen people do is arp spoofing, not a fan of it though...This is why I like 802.1x
gamehead200 Posted May 30, 2009 Posted May 30, 2009 No wonder it's so locked down... It's probably one of these: http://www.facepunch.com/showthread.php?t=604891Though, you probably would have realized it by now...
Leno Posted December 22, 2009 Posted December 22, 2009 Hey sorry dude but thats my IP address? how did you get it anyway? and what do you want? I dont use someone elses Wifi. i have my own.
nitroshift Posted December 22, 2009 Posted December 22, 2009 Hey sorry dude but thats my IP address? how did you get it anyway? and what do you want? I dont use someone elses Wifi. i have my own.If you mean the script in gamehead200's signature, relax, as nobody else apart from you can see it. It is a script from danasoft.com, have a look and you will understand And welcome to THE forums
Tripredacus Posted December 22, 2009 Posted December 22, 2009 How come no one said to search for that IP in the DHCP logs?Also, you could also set a reservation for that IP, and assign it to a known PC or a false hardware address. Then wait for something to stop working. Of course, if its a static IP set somewhere, or if its a hardware device, you could end up taking down your email or internet access, or firewall or whatever else.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now