Hello,
There is a host on our network, that we supposedly replaced months ago, but for some reason is still pingable. When you ping the host name the IP address that comes back is on a subnet that is reserved for our ARUBA RAP users who work out of their home offices. If you try to reverse the IP in nslookup, no result is returned. Is there a way that I could ID this host, just by its IP address? I would like to get some details about the OS running, maybe some bios settings that would give me the serial number. Any advice would be greatly appreciated.
Can you scan it with nmap?
Can you connect to it, via IP address, using the 'net use' command?
Thanks a lot. I am able to scan it via nmap. how can I leverage nmap to get the serial number of the machine?
how can I leverage nmap to get the serial number of the machine?
I did ask two questions. I'm thinking that if you can answer the second one, that might provide an answer to this question.
I was excited by the subject line! Alas, it was only a typo. lol
At any rate, without knowing anything about your network, you might try something like this
(1) "traceroute" to the IP
This should allow you to identify the subnet and last router the IP is on.
(2) Capture ethernet traffic directly from the indicated subnet while you "ping" the IP
This should show you the machine ethernet MAC address.
If the subnet is small enough, check all the MAC addresses for the offending party (ifconfig/ipconfig).
Alternatively, assuming you have a DHCP server, check the logs for the IP and MAC.
If your network has a bunch of switches, you may have to repeat the Ping/MAC check on each switch.
Good Luck!
