Jump to content



Photo

Need to find computer name from MAC address


  • Please log in to reply
15 replies to this topic

#1 Geoffrey B.

Geoffrey B.

    LittleNeutrino

  • Tech Issues Solved: 6
  • Joined: 25-July 05
  • Location: Newark, Ohio
  • OS: Windows 8.1
  • Phone: Nokia Lumia 928

Posted 09 July 2009 - 13:46

Ok so here at the company i work for we have determined that someone has been doing things they should not with the computers and all i had was an ip address and a MAC address and i have tried ARP and NBTSTAT and i am unable to get the computer name from either of the numbers is there another way that i can find the computer name from either the IP address or MAC address.


#2 Grunt

Grunt

    Golden Boy

  • Tech Issues Solved: 1
  • Joined: 11-March 02
  • Location: Scotland

Posted 09 July 2009 - 13:53

Depends on how your network is set up.
are IP's static for machines? if so, check DNS on the server.
What about logs for the switches? you'll be able to see from them presumably

#3 Sophism

Sophism

    Neowinian Senior

  • Joined: 05-December 03
  • Location: Greenbelt, MD

Posted 09 July 2009 - 13:57

Depending on your network setup you could also Browse the computer using a domain admin account etc.


Just go to any computer and type \\ipadd\c$ in the address bar of explorer.

This should let you browse the mydocuments folder which should give you enough information to figure out where they are.

#4 Grunt

Grunt

    Golden Boy

  • Tech Issues Solved: 1
  • Joined: 11-March 02
  • Location: Scotland

Posted 09 July 2009 - 13:59

^^ More simple than i was thinking. :D

#5 norseman

norseman

    Linux and Windows Admin

  • Joined: 26-May 03
  • Location: Toronto
  • OS: Windows 8.1 Pro, Enterprise and CentOS 6.7

Posted 09 July 2009 - 14:02

Have you tried nslookup?
Go to a command terminal and type nslookup ipaddress, it should resolve the computer name.

I hope that helps!

#6 OP Geoffrey B.

Geoffrey B.

    LittleNeutrino

  • Tech Issues Solved: 6
  • Joined: 25-July 05
  • Location: Newark, Ohio
  • OS: Windows 8.1
  • Phone: Nokia Lumia 928

Posted 09 July 2009 - 14:02

the IPS are dynamic for most machines. and we do not have good enough equipment for logs.

#7 vetSi

Si

    Neowinian Senior

  • Joined: 09-April 03
  • Location: UK

Posted 09 July 2009 - 14:05

If you have an IP and and appropriate admin login just use PSLoggedon to find out who they are:

http://technet.micro...s/bb896649.aspx

#8 Grunt

Grunt

    Golden Boy

  • Tech Issues Solved: 1
  • Joined: 11-March 02
  • Location: Scotland

Posted 09 July 2009 - 14:10

also "ping -a IP.Ad.dr.ess." may resolve the hostname which the IP belongs to. but thats only assuming the DNS reverse lookup tables are working correctly AND they still hold the same IP :/

#9 eXtermia

eXtermia

    Neowinian

  • Joined: 25-December 02
  • Location: Germany
  • Phone: Nokia 920 White+ Lumia 1020 64gb Yellow (telephonica no sim lock version)

Posted 09 July 2009 - 15:10

http://www.coffer.com/mac_find/ may help you at least determine what kind of device it is.

You really have no WINS, DNS, or DHCP servers? most logs here are small and will often tell hostname requesting the info.

Do you have managed switches to set up port mirroring or if connected to a hub or at least if managed. Disconnect them or thier lan segment as last resort.
You can sniff the traffic.

If you can't get the Hostname using a NBTSTAT -a xxx.xxx.xxx.xxx (replaces x with ip) then the box is either firewalled. Does not respond to because it isnt a PC might be like a router, switch , printer etc.

try http or https to the hosts IP

attempt to telnet to it
try SSH to it.

lastly GO look for strange devices or PC

#10 fAlCoNNiAn

fAlCoNNiAn

    Upclock Addict

  • Joined: 28-October 03
  • Location: Washington, D.C.

Posted 09 July 2009 - 15:17

is your dhcp server a box (computer, windows, linux) or a router (cisco, netgear, etc.)?

If its a windows or linux box, you can look up the host name in the dhcp scope. If you have absolutely no idea what the box is, or who it is, then run nmap on it to see what ports the machine has open and what the make of the network card is. usually that might point you in the right direction.

if all else fails, kick them from the network or quarantine them, and first person who comes and bitches about it, is the culprit.

#11 OP Geoffrey B.

Geoffrey B.

    LittleNeutrino

  • Tech Issues Solved: 6
  • Joined: 25-July 05
  • Location: Newark, Ohio
  • OS: Windows 8.1
  • Phone: Nokia Lumia 928

Posted 09 July 2009 - 15:18

We know that it is a Dell computer, We know that it has to be wired in (our wireless network has a different IP set) and we know what the MAC address is. Also we know there is no current computer on the network that has the ip address that it had when it was causing problems. I think i might just have to go from computer to computer and check their mac addresses.

#12 Eric

Eric

    Neowinian Senior

  • Tech Issues Solved: 11
  • Joined: 02-August 06
  • Location: Greenville, SC

Posted 09 July 2009 - 15:20

We know that it is a Dell computer, We know that it has to be wired in (our wireless network has a different IP set) and we know what the MAC address is. Also we know there is no current computer on the network that has the ip address that it had when it was causing problems. I think i might just have to go from computer to computer and check their mac addresses.


Block the MAC and see who complains they can't access the network.

#13 Hell-In-A-Handbasket

Hell-In-A-Handbasket

    Neowinian Senior

  • Joined: 30-September 03
  • OS: Win 8.1 Pro, iOS7, OSX 10.7, Ubuntu/WinXP system Died the Good Death

Posted 09 July 2009 - 15:36

id go with this alternative

Block the MAC and see who complains they can't access the network.



#14 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 74
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 09 July 2009 - 15:37

"to go from computer to computer and check their mac addresses. "

Why is that? And why do you need the name? Are you switches not managed? On a managed switch you can always track down what port a mac address is connected too.. Even if the cheapest smart switches support this.

For example from $80 my home gig switch!

address_table.jpg

Ports with more than one mac address on them have downstream switches connected, etc.

finding what port a mac is connect to on cisco swith is as easy as

show mac-address-table | inc partofmacaddress

Once you no the port -- go to that port and follow the wire and you have your computer ;)

#15 fAlCoNNiAn

fAlCoNNiAn

    Upclock Addict

  • Joined: 28-October 03
  • Location: Washington, D.C.

Posted 09 July 2009 - 15:41

...
if all else fails, kick them from the network or quarantine them, and first person who comes and bitches about it, is the culprit.



Block the MAC and see who complains they can't access the network.

Great minds think alike.



Click here to login or here to register to remove this ad, it's free!