Security Basics mailing list archives
RE: Identifying a computer
From: Dean Davis <Dean.Davis () mbg-inc com>
Date: Mon, 8 Dec 2003 13:39:48 -0500
If it's a Windoze box, try "nbtstat -a ip_address" and see if a useful name returns. This assumes that the typical Windoze NetBIOS-related ports are accessible. Otherwise, the prior MAC-suggestion is a solid option. Thanks, Dean Davis, MCSE,MCDBA,CCNA,CNA,N+,Linux+ Sr. Network Engineer MBG, Inc. 370 Lexington Avenue New York, NY 10017 P. 212.822.4429 F. 212.822.4499 http://www.mbg-inc.com -----Original Message----- From: Jimi Thompson [mailto:jimit () myrealbox com] Sent: Saturday, December 06, 2003 3:29 PM To: security-basics () securityfocus com Subject: Re: Identifying a computer You could try the old standby of turning off their port and waiting to see who complains about suddnely not being able to get email/surf/etc. In situations where things are labled sufficiently, I have found this tactic to be highly effective, if a bit lo-tech. HTH, Jimi McGill, Lachlan wrote:
You should be able to determine their mac address from your local arp table and then check this mac address against the switch's arp table to see what switch port it is connected to. From this information, you should then be able to trace that port and cable connection to what data point they are connected to on the floor. I hope your network is not too large to achieve this easily. :-) -----Original Message----- From: Cheetah [mailto:cheetahx () online no] Sent: Thursday, 4 December 2003 2:38 AM To: security-basics () securityfocus com Subject: Identifying a computer Hello. I am helping the sysadmin on my local LAN to manage the network, etc. We have limited internet-bandwidth, and therefore it is necessary to make sure no-one is taking to much of the bandwidth, as others will not be able to use the internet connection. For the last 2 days, a new IP has appeared, and it is constantly using a lot of bandwidth. We have a linux-server running DHCP, DNS and the internet-connection. I have checked the dhcpd.leases file, but the IP isn't there. I have also tried to ping and scan this IP, but the computer is running a strong firewall, shows no open ports and doesn't even respond to pings. Is there any way I can get some information out of this computer without running around and asking everyone what their IP is? Tore ----------------------------------------------------------------------- ---- ---------------------------------------------------------------------------
-
----------------------------------------------------------------------- ---- ---------------------------------------------------------------------------
-
--------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Identifying a computer Mike (Dec 03)
- Re: Identifying a computer Paul Kurczaba (Dec 04)
- <Possible follow-ups>
- RE: Identifying a computer McGill, Lachlan (Dec 04)
- Re: Identifying a computer Jimi Thompson (Dec 08)
- FW: Identifying a computer Alex Pimperton (Dec 04)
- RE: Identifying a computer Batkin, Seva (Dec 04)
- RE: Identifying a computer Shawn Jackson (Dec 04)
- Re: Identifying a computer gregh (Dec 04)
- RE: Identifying a computer JAVIER OTERO (Dec 04)
- RE: Identifying a computer Dean Davis (Dec 08)