Need to find computer name from MAC address

By LittleNeutrino
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

LittleNeutrino Veteran

Posted
  • Veteran
Posted

Ok so here at the company i work for we have determined that someone has been doing things they should not with the computers and all i had was an ip address and a MAC address and i have tried ARP and NBTSTAT and i am unable to get the computer name from either of the numbers is there another way that i can find the computer name from either the IP address or MAC address.

Link to comment
Share on other sites
Mentor

Grunt

Posted
Posted

Depends on how your network is set up.

are IP's static for machines? if so, check DNS on the server.

What about logs for the switches? you'll be able to see from them presumably

Link to comment
Share on other sites
Grand Master

Sophism

Posted
Posted

Depending on your network setup you could also Browse the computer using a domain admin account etc.

Just go to any computer and type \\ipadd\c$ in the address bar of explorer.

This should let you browse the mydocuments folder which should give you enough information to figure out where they are.

Link to comment
Share on other sites
Mentor

norseman

Posted
Posted

Have you tried nslookup?

Go to a command terminal and type nslookup ipaddress, it should resolve the computer name.

I hope that helps!

Link to comment
Share on other sites
Grand Master

LittleNeutrino Veteran

Posted
  • Author
  • Veteran
Posted

the IPS are dynamic for most machines. and we do not have good enough equipment for logs.

Link to comment
Share on other sites
Mentor

Grunt

Posted
Posted

also "ping -a IP.Ad.dr.ess." may resolve the hostname which the IP belongs to. but thats only assuming the DNS reverse lookup tables are working correctly AND they still hold the same IP :/

Link to comment
Share on other sites
Collaborator

eXtermia

Posted
Posted

http://www.coffer.com/mac_find/ may help you at least determine what kind of device it is.

You really have no WINS, DNS, or DHCP servers? most logs here are small and will often tell hostname requesting the info.

Do you have managed switches to set up port mirroring or if connected to a hub or at least if managed. Disconnect them or thier lan segment as last resort.

You can sniff the traffic.

If you can't get the Hostname using a NBTSTAT -a xxx.xxx.xxx.xxx (replaces x with ip) then the box is either firewalled. Does not respond to because it isnt a PC might be like a router, switch , printer etc.

try http or https to the hosts IP

attempt to telnet to it

try SSH to it.

lastly GO look for strange devices or PC

Link to comment
Share on other sites
Mentor

fAlCoNNiAn

Posted
Posted

is your dhcp server a box (computer, windows, linux) or a router (cisco, netgear, etc.)?

If its a windows or linux box, you can look up the host name in the dhcp scope. If you have absolutely no idea what the box is, or who it is, then run nmap on it to see what ports the machine has open and what the make of the network card is. usually that might point you in the right direction.

if all else fails, kick them from the network or quarantine them, and first person who comes and bitches about it, is the culprit.

Link to comment
Share on other sites
Grand Master

LittleNeutrino Veteran

Posted
  • Author
  • Veteran
Posted

We know that it is a Dell computer, We know that it has to be wired in (our wireless network has a different IP set) and we know what the MAC address is. Also we know there is no current computer on the network that has the ip address that it had when it was causing problems. I think i might just have to go from computer to computer and check their mac addresses.

Link to comment
Share on other sites
Grand Master

Eric Veteran

Posted
  • Veteran
Posted
We know that it is a Dell computer, We know that it has to be wired in (our wireless network has a different IP set) and we know what the MAC address is. Also we know there is no current computer on the network that has the ip address that it had when it was causing problems. I think i might just have to go from computer to computer and check their mac addresses.

Block the MAC and see who complains they can't access the network.

Link to comment
Share on other sites
Grand Master

Hell-In-A-Handbasket

Posted
Posted

id go with this alternative

Block the MAC and see who complains they can't access the network.
Link to comment
Share on other sites
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

"to go from computer to computer and check their mac addresses. "

Why is that? And why do you need the name? Are you switches not managed? On a managed switch you can always track down what port a mac address is connected too.. Even if the cheapest smart switches support this.

For example from $80 my home gig switch!

post-14624-1247153123_thumb.jpg

Ports with more than one mac address on them have downstream switches connected, etc.

finding what port a mac is connect to on cisco swith is as easy as

show mac-address-table | inc partofmacaddress

Once you no the port -- go to that port and follow the wire and you have your computer ;)

Link to comment
Share on other sites
Mentor

fAlCoNNiAn

Posted
Posted
...

if all else fails, kick them from the network or quarantine them, and first person who comes and bitches about it, is the culprit.

Block the MAC and see who complains they can't access the network.

Great minds think alike.

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.