Need to find computer name from MAC address

[OP Geoffrey B. 1,414]

Ok so here at the company i work for we have determined that someone has been doing things they should not with the computers and all i had was an ip address and a MAC address and i have tried ARP and NBTSTAT and i am unable to get the computer name from either of the numbers is there another way that i can find the computer name from either the IP address or MAC address.

[Grunt 107]

Depends on how your network is set up.

are IP's static for machines? if so, check DNS on the server.

What about logs for the switches? you'll be able to see from them presumably

[Sophism 7]

Depending on your network setup you could also Browse the computer using a domain admin account etc.

Just go to any computer and type \\ipadd\c$ in the address bar of explorer.

This should let you browse the mydocuments folder which should give you enough information to figure out where they are.

[Grunt 107]

^^ More simple than i was thinking. :D

[norseman 212]

Have you tried nslookup?

Go to a command terminal and type nslookup ipaddress, it should resolve the computer name.

I hope that helps!

[OP Geoffrey B. 1,414]

the IPS are dynamic for most machines. and we do not have good enough equipment for logs.

[Si 11]

If you have an IP and and appropriate admin login just use PSLoggedon to find out who they are:

http://technet.microsoft.com/en-us/sysinte...s/bb896649.aspx

[Grunt 107]

also "ping -a IP.Ad.dr.ess." may resolve the hostname which the IP belongs to. but thats only assuming the DNS reverse lookup tables are working correctly AND they still hold the same IP :/

[eXtermia 16]

http://www.coffer.com/mac_find/ may help you at least determine what kind of device it is.

You really have no WINS, DNS, or DHCP servers? most logs here are small and will often tell hostname requesting the info.

Do you have managed switches to set up port mirroring or if connected to a hub or at least if managed. Disconnect them or thier lan segment as last resort.

You can sniff the traffic.

If you can't get the Hostname using a NBTSTAT -a xxx.xxx.xxx.xxx (replaces x with ip) then the box is either firewalled. Does not respond to because it isnt a PC might be like a router, switch , printer etc.

try http or https to the hosts IP

attempt to telnet to it

try SSH to it.

lastly GO look for strange devices or PC

[fAlCoNNiAn 0]

is your dhcp server a box (computer, windows, linux) or a router (cisco, netgear, etc.)?

If its a windows or linux box, you can look up the host name in the dhcp scope. If you have absolutely no idea what the box is, or who it is, then run nmap on it to see what ports the machine has open and what the make of the network card is. usually that might point you in the right direction.

if all else fails, kick them from the network or quarantine them, and first person who comes and bitches about it, is the culprit.

[OP Geoffrey B. 1,414]

We know that it is a Dell computer, We know that it has to be wired in (our wireless network has a different IP set) and we know what the MAC address is. Also we know there is no current computer on the network that has the ip address that it had when it was causing problems. I think i might just have to go from computer to computer and check their mac addresses.

[Eric 1,504]

We know that it is a Dell computer, We know that it has to be wired in (our wireless network has a different IP set) and we know what the MAC address is. Also we know there is no current computer on the network that has the ip address that it had when it was causing problems. I think i might just have to go from computer to computer and check their mac addresses.

Block the MAC and see who complains they can't access the network.

[Hell-In-A-Handbasket 277]

id go with this alternative

Block the MAC and see who complains they can't access the network.

[+BudMan 2,783]

"to go from computer to computer and check their mac addresses. "

Why is that? And why do you need the name? Are you switches not managed? On a managed switch you can always track down what port a mac address is connected too.. Even if the cheapest smart switches support this.

For example from $80 my home gig switch!

Ports with more than one mac address on them have downstream switches connected, etc.

finding what port a mac is connect to on cisco swith is as easy as

show mac-address-table | inc partofmacaddress

Once you no the port -- go to that port and follow the wire and you have your computer ;)

[fAlCoNNiAn 0]

...

if all else fails, kick them from the network or quarantine them, and first person who comes and bitches about it, is the culprit.

Block the MAC and see who complains they can't access the network.

Great minds think alike.

[sc302 1,342]

lets see determining mac address free or trial tools....

languard -free trial

colasoft mac scanner - free

enjoy