Sign in to follow this  
Followers 0
Geoffrey B.

Need to find computer name from MAC address

16 posts in this topic

Ok so here at the company i work for we have determined that someone has been doing things they should not with the computers and all i had was an ip address and a MAC address and i have tried ARP and NBTSTAT and i am unable to get the computer name from either of the numbers is there another way that i can find the computer name from either the IP address or MAC address.

Share this post


Link to post
Share on other sites

Depends on how your network is set up.

are IP's static for machines? if so, check DNS on the server.

What about logs for the switches? you'll be able to see from them presumably

Share this post


Link to post
Share on other sites

Depending on your network setup you could also Browse the computer using a domain admin account etc.

Just go to any computer and type \\ipadd\c$ in the address bar of explorer.

This should let you browse the mydocuments folder which should give you enough information to figure out where they are.

Share this post


Link to post
Share on other sites

^^ More simple than i was thinking. :D

Share this post


Link to post
Share on other sites

Have you tried nslookup?

Go to a command terminal and type nslookup ipaddress, it should resolve the computer name.

I hope that helps!

Share this post


Link to post
Share on other sites

the IPS are dynamic for most machines. and we do not have good enough equipment for logs.

Share this post


Link to post
Share on other sites

also "ping -a IP.Ad.dr.ess." may resolve the hostname which the IP belongs to. but thats only assuming the DNS reverse lookup tables are working correctly AND they still hold the same IP :/

Share this post


Link to post
Share on other sites

http://www.coffer.com/mac_find/ may help you at least determine what kind of device it is.

You really have no WINS, DNS, or DHCP servers? most logs here are small and will often tell hostname requesting the info.

Do you have managed switches to set up port mirroring or if connected to a hub or at least if managed. Disconnect them or thier lan segment as last resort.

You can sniff the traffic.

If you can't get the Hostname using a NBTSTAT -a xxx.xxx.xxx.xxx (replaces x with ip) then the box is either firewalled. Does not respond to because it isnt a PC might be like a router, switch , printer etc.

try http or https to the hosts IP

attempt to telnet to it

try SSH to it.

lastly GO look for strange devices or PC

Share this post


Link to post
Share on other sites

is your dhcp server a box (computer, windows, linux) or a router (cisco, netgear, etc.)?

If its a windows or linux box, you can look up the host name in the dhcp scope. If you have absolutely no idea what the box is, or who it is, then run nmap on it to see what ports the machine has open and what the make of the network card is. usually that might point you in the right direction.

if all else fails, kick them from the network or quarantine them, and first person who comes and bitches about it, is the culprit.

Share this post


Link to post
Share on other sites

We know that it is a Dell computer, We know that it has to be wired in (our wireless network has a different IP set) and we know what the MAC address is. Also we know there is no current computer on the network that has the ip address that it had when it was causing problems. I think i might just have to go from computer to computer and check their mac addresses.

Share this post


Link to post
Share on other sites
We know that it is a Dell computer, We know that it has to be wired in (our wireless network has a different IP set) and we know what the MAC address is. Also we know there is no current computer on the network that has the ip address that it had when it was causing problems. I think i might just have to go from computer to computer and check their mac addresses.

Block the MAC and see who complains they can't access the network.

Share this post


Link to post
Share on other sites

id go with this alternative

Block the MAC and see who complains they can't access the network.

Share this post


Link to post
Share on other sites

"to go from computer to computer and check their mac addresses. "

Why is that? And why do you need the name? Are you switches not managed? On a managed switch you can always track down what port a mac address is connected too.. Even if the cheapest smart switches support this.

For example from $80 my home gig switch!

post-14624-1247153123_thumb.jpg

Ports with more than one mac address on them have downstream switches connected, etc.

finding what port a mac is connect to on cisco swith is as easy as

show mac-address-table | inc partofmacaddress

Once you no the port -- go to that port and follow the wire and you have your computer ;)

Share this post


Link to post
Share on other sites
...

if all else fails, kick them from the network or quarantine them, and first person who comes and bitches about it, is the culprit.

Block the MAC and see who complains they can't access the network.

Great minds think alike.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.