Finding ghosts on the network

    Question

  • I recently began working with a new employer in their network infrastructure team. My main focus is on their VMware environment but I have been assisting on the network and server side of things as well. One thing I've noticed is they have a number of undocumented systems out there; systems that respond to ping but have no DNS record and do not respond to arp. Just thought I would throw this out there to see if others have encountered this, and what you may have done to track down such gremlins. Thus far I have been trying to track them down through the switches, but it is a laborious process.
    Friday, December 09, 2016 4:25 PM

Answers

  • Hi,

    I am checking to see if the problem has been resolved. If there's anything you'd like to know, don't hesitate to ask.


    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by JeremiahLogan Thursday, March 30, 2017 2:26 PM
    Friday, December 16, 2016 8:31 AM
    Moderator

All replies

  • Hi Jeremiah,

    If your target is just to track these systems, then you can simply use any networking tool that can scan IP subnets using ping (ICMP), for example... From these you can create a sheet with all consumed IP addresses on the network.


    Thanks Mahmoud

    • Proposed as answer by mahelsay Friday, December 16, 2016 12:14 PM
    Monday, December 12, 2016 5:24 AM
  • Yes, I wrote a script that gives me that. Unfortunately, what this customer needs is to actually determine where and what these devices are.
    Monday, December 12, 2016 3:22 PM
  • You may be able to get the "what" from the MAC address then use one of the online lookup tools. The "where" may have to come from switch logs.

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, December 12, 2016 4:22 PM
  • Sorry for the late reply. I was able to resolve, although not in the manner I had thought. It was confusing why I could ping but arp returned nothing. It turned out, as this company was recently bought out and its domain flattened across the enterprise, there was some overlap in the IP schemes. I was picking up IP addresses on the corporate domain on the other side of the state, as traffic was somehow being routed out the WAN to the corp domain. Never encountered anything like it before. Thank you for all the help.
    Thursday, March 30, 2017 2:25 PM
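
The symptom discussed in this thread (hosts that answer ping but never show up in the ARP cache) can be triaged from the scanning host by comparing ping replies against the ARP table. The following is an added example, not code from any poster; the sample `ping` and `arp -a` output is constructed, and the hop estimate is a heuristic that assumes the responder started from a common initial TTL of 64, 128 or 255.

```python
import re

# Constructed sample data (not from the thread): Windows `ping` reply lines
# and `arp -a` output captured on the scanning host.
PING_OUT = """\
Reply from 10.20.1.15: bytes=32 time<1ms TTL=128
Reply from 10.20.1.40: bytes=32 time=23ms TTL=121
Reply from 10.20.1.77: bytes=32 time=1ms TTL=64
"""
ARP_OUT = """\
Interface: 10.20.1.5 --- 0xb
  Internet Address      Physical Address      Type
  10.20.1.1             00-00-5e-00-53-01     dynamic
  10.20.1.15            00-00-5e-00-53-0f     dynamic
"""

def parse_ping(text):
    """Return {ip: ttl} for every successful 'Reply from' line."""
    pat = re.compile(r"Reply from (\d+\.\d+\.\d+\.\d+):.*TTL=(\d+)")
    return {m.group(1): int(m.group(2)) for m in pat.finditer(text)}

def parse_arp(text):
    """Return {ip: mac} from the rows of an `arp -a` table."""
    pat = re.compile(
        r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s",
        re.I | re.M)
    return {m.group(1): m.group(2).lower() for m in pat.finditer(text)}

def hops(ttl):
    """Estimate router hops, assuming an initial TTL of 64, 128 or 255."""
    return min(t for t in (64, 128, 255) if t >= ttl) - ttl

def classify(ping_text, arp_text):
    """Label each responder: on-link with MAC, routed, or on-link without ARP."""
    arp = parse_arp(arp_text)
    result = {}
    for ip, ttl in parse_ping(ping_text).items():
        if ip in arp:
            result[ip] = ("on-link", arp[ip])  # MAC usable for vendor lookup
        elif hops(ttl) > 0:
            # TTL was decremented: the reply crossed at least one router,
            # so the host is not on this segment and ARP will never list it.
            result[ip] = ("routed", f"~{hops(ttl)} hops away")
        else:
            result[ip] = ("on-link, no ARP entry", "check switch MAC tables")
    return result

if __name__ == "__main__":
    for ip, (kind, detail) in classify(PING_OUT, ARP_OUT).items():
        print(f"{ip:15} {kind:22} {detail}")
```

A "routed" result for an address that was expected to be local is the cue to check the routing table and a traceroute before searching the switches.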