  • #2317313

    Trace that machine

    by gchocha ·

    I have this problem on the network.
    I can’t figure out which machine is the ‘owner’ of this IP address x.y.w.z
    I try this

    “ping -a x.y.w.z” but nothing comes up.
    only the ping replies and their associated messages.
    Please help

All Comments

    • #2738441

      NSLOOKUP?

      by mrbill- ·

      In reply to Trace that machine

      I guess you could try NSLOOKUP.

      • #2738436

        Reply To: Trace that machine

        by gchocha ·

        In reply to NSLOOKUP?

        how do I use the command?
        rgds

        • #3543258

          Dah – hate helping someone that doesn’t help themselves

          by jimhm ·

          In reply to Reply To: Trace that machine

          I hate answering questions for people that don’t help themselves … try NSLOOKUP /? – or read …

    • #2738415

      You need a scanner or packet capture

      by lordinfidel ·

      In reply to Trace that machine

      Unless this is a host on the net (i.e. www etc.), nslookup will do nothing for you.

      nslookup is a command line utility that opens a connection to your DNS server and allows you to run different types of queries against it. This is not the only thing, but it is a good enough explanation.

      Now for your dilemma. If you do not have WINS enabled on your network (not that I am advocating it, mind you), you can either run a scanner like cybercop against that IP,

      or if you have a “free” packet capture like Ethereal (of which there is a Windows version) or Analyzer.

      For both of which you will need WinPcap if you are running a Windows machine.
      http://netgroup-serv.polito.it/WinPcap/

      Ethereal
      http://www.ethereal.com/

      analyzer
      http://netgroup-serv.polito.it/netgroup/tools.html

      By using one of those 3 tools you can find the computer name. For the packet captures: fire up the packet capture, then open a command prompt and ping the IP. Once the ping is done, stop the capture and look for the ICMP messages to that IP. You will see the host name.

      • #2738376

        I bow to your knowledge and expertise!

        by mrbill- ·

        In reply to You need a scanner or packet capture

        Gchocha, listen to the man, he knows the answers. I am an idiot sometimes, I misunderstood your problem sorry.

        • #2738369

          No prob, here is further explanation

          by lordinfidel ·

          In reply to I bow to your knowledge and expertise!

          The main reason why nslookup and ping would not work is not because they can’t do the job.

          It is due to the in-addr.arpa table, or reverse lookup zone.

          If their DNS server had a reverse lookup zone and a pointer record for that IP -> hostname, then pinging the IP with -a or using nslookup against the IP would work.

          But typically there are very few scenarios where the joe blow end user computer would ever be in the reverse lookup table.

          And that would be when a native 2k AD domain is being used, because the hosts dynamically register their hostname and IP into DNS. So just by opening up the forward lookup zone on the DNS server, they would see the information.

        • #2747349

          One tool I forgot about….

          by lordinfidel ·

          In reply to I bow to your knowledge and expertise!

          nbtstat -A IP

          not sure how I forgot about that simple basic tool.

          my bad

        • #2747339

          and yet another…..

          by lordinfidel ·

          In reply to One tool I forgot about….

          http://www.inetcat.org/software/nbtscan.html

          this one can get you the person who is logged in at the time.

          again, sometimes my rush to answer a question allows me to be an idiot even quicker.
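What `nbtstat -A` and nbtscan read back from the target is a NetBIOS node status (NBSTAT) reply as laid out in RFC 1002. The parser below is an added example, not part of the original posts; the host name, user name and adapter address in the sample reply are constructed.

```python
import struct

# Meaning of the 16th name byte for unique (non-group) names.
SUFFIX = {0x00: "workstation", 0x03: "messenger (host or logged-on user)", 0x20: "file server"}

def parse_nbstat(resp: bytes) -> dict:
    """Parse an RFC 1002 node status response (the reply nbtstat -A reads from UDP 137)."""
    try:
        _tid, flags, _qd, ancount = struct.unpack_from(">HHHH", resp, 0)
        if not flags & 0x8000 or ancount < 1:
            raise ValueError("not a response carrying an answer")
        off = 12
        while resp[off]:                 # skip the echoed query name, label by label
            off += resp[off] + 1
        off += 1
        rtype, _cls, _ttl, _rdlen = struct.unpack_from(">HHIH", resp, off)
        if rtype != 0x0021:
            raise ValueError("answer is not an NBSTAT record")
        off += 10
        count, off = resp[off], off + 1
        names = []
        for _ in range(count):           # 18 bytes each: 15-byte name, suffix, flags
            raw, suffix, nflags = struct.unpack_from(">15sBH", resp, off)
            kind = "group" if nflags & 0x8000 else SUFFIX.get(suffix, "other")
            names.append((raw.decode("ascii", "replace").rstrip(), suffix, kind))
            off += 18
        mac = resp[off:off + 6]          # statistics block starts with the adapter address
        if len(mac) != 6:
            raise ValueError("truncated statistics block")
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated or malformed response") from exc
    host = next((n for n, s, k in names if s == 0x00 and k != "group"), None)
    return {"hostname": host, "mac": mac.hex(":"), "names": names}

def build_sample() -> bytes:
    """Constructed response for a made-up host; not captured from a real machine."""
    entries = [(b"PC-ACCT-07", 0x00, 0x0400), (b"WORKGROUP", 0x00, 0x8400),
               (b"PC-ACCT-07", 0x20, 0x0400), (b"JSMITH", 0x03, 0x0400)]
    rdata = bytes([len(entries)])
    for name, suffix, nflags in entries:
        rdata += struct.pack(">15sBH", name.ljust(15), suffix, nflags)
    rdata += bytes.fromhex("001a2b3c4d5e") + bytes(40)   # adapter address + zeroed counters
    header = struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0)
    qname = b"\x20CK" + b"A" * 30 + b"\x00"               # encoded wildcard name "*"
    return header + qname + struct.pack(">HHIH", 0x0021, 1, 0, len(rdata)) + rdata

if __name__ == "__main__":
    print(parse_nbstat(build_sample()))
```

The unique `<00>` entry is the machine name and the group `<00>` entry is its workgroup or domain; the adapter address can be matched against switch or DHCP records to locate the physical machine.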

      • #3543261

        Any Other Requirements?

        by gario ·

        In reply to You need a scanner or packet capture

        With an NT4 Network and a W2K workstation, when I capture ping packets, I don’t see a host name in the ICMP.

        Are there other requirements?

      • #3543254

        You are correct if you don’t have

        by jimhm ·

        In reply to You need a scanner or packet capture

        You are correct – if they don’t your local network tied into the DNS – say using DHCP –

        We type in NSLOOKUP for IP or Host name – and bang .. get either … the problem is then – what does this yetz have to track back the host name to the machine and its location..

        Did you read their post to Mr. Bill’s NSLOOKUP – sounds like a kid in school – not wanting to read a book… to me

        • #3543128

          JimHM idiots like you

          by andrewsbm ·

          In reply to You are correct if you don’t have

          Hey JimHM,

          One thing I hate about discussion topics is when they go off topic, but for you I will make the exception. The guy asked a legit Q. not all of us can be experts when we first get into the industry (Obviously like you). idiots like you make the knowledge sharing that much harder and egos that much bigger. If you think you know it all then let everyone into your wealth of knowledge. Or is it that you don’t have any KB and you would rather put people down to make yourself feel that much bigger ? (Don’t bother answering this post, I for one have heard all I want from your large ego and small brain).

        • #3543073

          You can flame – but can’t take it – woose

          by jimhm ·

          In reply to JimHM idiots like you

          First – Andrew – They did ask a legit question – at first then they replied “How do you use the NSLOOKUP command” – That was laziness – if you read the thread you would have seen that – but you appear to not read very much … I guess it was that “Ya done gra-e-aded” the 6th grade..

          If you don’t like my answers – Use your freedom of choice and don’t open them, because I will use my freedom to post what I think and not worry about PC Liberals like yourself.

          “(Don’t bother answering this post, I for one have heard all I want from your large ego and small brain). ”

          It’s people like you – that cause problems – because I am not “PC” you think I am brainless, liberals like yourself are the problem and should have an open mind to both sides of the fence, want everyone to follow your rules – I know you think you’re a legend (only in your own Mind) – you think you’re the guider of Society and the Righter of Wrongs – the PC Police – The Defender of the Stupid – The Guardian of the Light..

        • #3542893

          Say no more :)…………

          by andrewsbm ·

          In reply to You can flame – but can’t take it – woose

          I think your reply proves my point. Well done :).

        • #3543872

          I didn’t think you would read it

          by jimhm ·

          In reply to Say no more :)…………

          Gee – and you said you weren’t going to read anymore of my posts .. Gee Now aren’t you Special for Reading my Post…

          ;->

          I feel Special for it …

        • #3542982

          If you are using AD then yes…

          by lordinfidel ·

          In reply to You are correct if you don’t have

          But they are not using AD/dynamic DNS.

          That is why you are able to do a nslookup on a host name.

          He does not have such a mechanism in place. If he had WINS installed, this will also do the trick, but such is not the case.

          Which is why then you have to resort to sniffing packets off of the wire. And the quick and dirty is to ping the IP and see what host name it returns.
