Security Basics mailing list archives

Re: How to find a changing IP on ethernet network


From: jamesworld () intelligencia com
Date: Fri, 20 Feb 2004 19:41:59 -0600

Ivan,

ARP is your friend. From a command prompt, run:

arp -a

Then ping all the addresses on your network. They should all be alive. Then from a command prompt:

arp -a

You will see the IP addresses and the MAC/Physical addresses

Something like this:
C:\>arp -a

Interface: 10.211.112.133 --- 0x2
  Internet Address      Physical Address      Type
  192.168.12.1           00-08-6b-f6-e1-be     dynamic
  192.168.12.13         04-80-48-d7-23-fe     dynamic
  192.168.12.14         01-67-97-b4-a8-9f     dynamic

Then, when a problem is reported, do the same thing. Check the arp table and see who is the same and who is different. If you know who is supposed to have the IP, check the arp table on their machine. Check the event log, it might say something in there and in the details have the MAC address (maybe).

When you see the IP and physical address enough times, you should be able to identify the MAC address that keeps shifting IPs. That is the machine that is changing IPs.

Run:

nbtstat -A IP.add.re.ss

You will see the MAC address at the bottom and in the table something like this:

MJONES          <03>  UNIQUE      Registered

The name with the <03> is the user name of the person logged in. If everyone is logged in as administrator, then it makes it more challenging. Then you would go to each computer and run: ipconfig /all

A line will say:

   Physical Address. . . . . . . . . : 04-80-48-D7-23-FE

That is the MAC address of that machine. Create a table of whose machine has what MAC address and you will then have a name associated with the MAC addresses. Now it's up to you to catch them.

Good hunting!

-James

At 08:54 02/20/2004, Ivan Andres Hernandez Puga wrote:
Hello. I have a client with a simple Ethernet network with hubs connecting and there is one person that is changing its IP and creating conflicts. What would you do to track down that person? I mean, to find who does that?
Thanks!
Ivan Hernandez
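
The comparison described in the reply above, as an added example that is not part of the original message: a Python sketch that parses saved Windows `arp -a` captures and reports any MAC address seen with more than one IP, and any IP claimed by more than one MAC. The baseline reuses the sample table from the message; the `INCIDENT` capture and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# One data row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+")

def parse_arp(text):
    """Return {ip: mac} for one capture; headers and broadcast rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(2).lower() != "ff-ff-ff-ff-ff-ff":
            table[m.group(1)] = m.group(2).lower()
    return table

def compare(snapshots):
    """snapshots: [(label, arp_text)]. Returns (moved, contested):
    moved     = {mac: {ip: first label}} for MACs seen with more than one IP
    contested = {ip: {mac: first label}} for IPs claimed by more than one MAC"""
    ips_by_mac, macs_by_ip = defaultdict(dict), defaultdict(dict)
    for label, text in snapshots:
        for ip, mac in parse_arp(text).items():
            ips_by_mac[mac].setdefault(ip, label)
            macs_by_ip[ip].setdefault(mac, label)
    moved = {m: v for m, v in ips_by_mac.items() if len(v) > 1}
    contested = {i: v for i, v in macs_by_ip.items() if len(v) > 1}
    return moved, contested

# Baseline: the sample table from the message above.
BASELINE = """Interface: 10.211.112.133 --- 0x2
  Internet Address      Physical Address      Type
  192.168.12.1           00-08-6b-f6-e1-be     dynamic
  192.168.12.13         04-80-48-d7-23-fe     dynamic
  192.168.12.14         01-67-97-b4-a8-9f     dynamic
"""
# Constructed capture taken when a conflict is reported (not from the message).
INCIDENT = """Interface: 10.211.112.133 --- 0x2
  Internet Address      Physical Address      Type
  192.168.12.1           00-08-6B-F6-E1-BE     dynamic
  192.168.12.14         04-80-48-D7-23-FE     dynamic
"""

if __name__ == "__main__":
    moved, contested = compare([("baseline", BASELINE), ("incident", INCIDENT)])
    for mac, ips in moved.items():
        print(f"{mac} changed IP: {ips}")
    for ip, macs in contested.items():
        print(f"{ip} claimed by: {macs}")
```

A router answering with proxy ARP or a multihomed host will also show one MAC with several IPs, so check flagged entries against the table of known machines before drawing conclusions.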

