IT Employment

General discussion


Trace that machine

By gchocha ·
I have this problem on the network.
I can't figure out which machine is the 'onwer' of this IP address x.y.w.z
I try this

"ping -a x.y.w.z" but nothing comes up.
only the ping replies and their associated messages.
Please help

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by mrbill- In reply to Trace that machine

I guess you could try NSLOOKUP.

Collapse -

by gchocha In reply to NSLOOKUP?

how do I use the command?

Collapse -

Dah - hate helping someone that doesnt help themselfs

by JimHM In reply to

I hate answering questions for people that don't help themselves ... try NSLOOKUP /? - or read ...

Collapse -

You need a scanner or packet capture

by LordInfidel In reply to Trace that machine

unless this is a host on the net (ie www etc), nslookup will do nothing for you.

nslookup is a command line utility that opens a connection to your dns server and allows you to run different type of queries against in. This is not the only thing, but it is a good enough explination.

Now for you dillema. If you do not have wins enabled on your network (not that I am advocating it mind you). You can either run a scanner like cybercop against that IP.

or if you have a "free" packet capture like etheral (which there is a windows version) or Analyzer.

Both of which you will need winpcap if you are running a windows machine.



By using one of those 3 tools you can find the computer name. The pckt captures, fire up the packet capture, then open a command prompt and ping the IP. Once the ping is done, stop the capture and look for the icmp messages to that IP. You will see the host name.

Collapse -

I bow to your knowledge and expertise!

by mrbill- In reply to You need a scanner or pac ...

Gchocha, listen to the man, he knows the answers. I am an idiot sometimes, I misunderstood your problem sorry.

Collapse -

No prob, here is further explanation

by LordInfidel In reply to I bow to your knowledge a ...

The main reason why nslookup and ping would not work is not because they can't do the job.

It is due to the in-addrarpa table, or reverse lookup zone.

If their dns server had an reverse lookup zone and a pointer record to that IP -> hostname. Then pinging the ip with -a or using nslookup against the IP would work.

But typically there are very few scenarios where the joe **** end user computer would ever been in the reverse lookup table.

And that would be when a native 2k ad domain is being used. Because the hosts dynamically register their hostname and IP into dns. So just by opening up the forward lookup zone on the dns server. They would see the information.

Collapse -

One tool I forgot about....

by LordInfidel In reply to I bow to your knowledge a ...

nbtstat -A IP

not sure how I forgot about that simple basic tool.

<maybe it was because I had my sniffer up and running at the time>

my bad

Collapse -

and yet another.....

by LordInfidel In reply to One tool I forgot about.. ...

this one can get you the person who is logged in at the time.

again, sometimes my rush to answer a question allows me to be an idiot even quicker.

Collapse -

Any Other Requirements?

by gario In reply to You need a scanner or pac ...

With an NT4 Network and a W2K workstation, when I capture ping pactets, I don't see a host name in the ICMP.

Are there other requirements?

Collapse -

Which tool are you using?

by LordInfidel In reply to Any Other Requirements?

Related Discussions

Related Forums