Re: Find IP address from computer name

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 05/23/03


Date: Fri, 23 May 2003 08:15:51 -0400


I second the suggestion to use a personal firewall. This way, you wouldn't
need to ask the router guys to reconfigure the routers. Logging the source
IP address of the connection as it happens would be much more reliable than
trying to determine it after the fact by trying to resolve the netbios
computer name. www.sygate.com is another free one that will do this, or a
sniffer like Ethereal:

http://securityadmin.info/faq.htm#sniffers

"Steven L Umbach" <n9rou@nsattbi.com> wrote in message
news:oxZya.221665$pa5.222080@rwcrnsc52.ops.asp.att.net...
> If that happens again, you could try tracert - ping may be blocked by
> router. Also arp -a and nbtstat -c might have given you a clue on the W98
> box. See if the router guys can log port 139 into your network and then you
> might be able to match times of port 139 traffic to your audit logs.
> Otherwise you might try that somewhere on your side of the network. A
> personal firewall program like Kerio (free to try) has pretty good logging
> built into it. You could install it on a computer, even if you have no need
> for a firewall and just create a rule to allow port 139. Then you could
> configure it to log all traffic that matches that rule and match firewall
> and audit logs by time. Could you send emails to administrators on the other
> networks, or is that like cheating? I like your tenacity. --- Steve
>
> "Phil" <pmarg@charter.net> wrote in message
> news:Xns9382E255DCEC9pmargcharternet@65.82.44.187...
> > I talked with the netops guys that control the router. They came up with
> > all of the things I've already tried, such as pinging the name (duh!!),
> > checking the WINS server. I finally said he was closing the ticket since
> > he was "stumped" and it is not causing any damage.
> >
> > In the meantime, today I was working on a 98 machine. When I started to
> > reboot up pops this message:
> >
> > "There are 1 user(s) connected to your computer. Shutting down your
> > computer will disconnect them. Do you want to continue?"
> >
> > In this case I clicked no, because I wanted to find out who was
> > connected. I went to Windows 98's NetWatcher utility. And guess what?
> > It's that same frickin' computer name connected to this computer! The
> > same one that was showing up in the security event logs on the domain
> > controller.
> >
> > Here are the details from NetWatcher:
> > User: Administrator
> > Computer: computerX
> > Shares: 1
> > Open Files: 0
> > Shared Folders: IPC$
> >
> > I tried to ping it, but no reply. There's got to be a way to track down
> > the IP of this machine. Any more suggestions? Thanks.
> >
> > "Steven L Umbach" <sumbach@ameritech.net> wrote in
> > news:VAyva.12866$%_3.6538125@newssrv26.news.prodigy.com:
> >
> > > Well that is no good - kinda limits your options. It will be hard to
> > > track down unless you get lucky and are able to ping/tracert it
> > > sometime. You could look into installing firewall/traffic logging
> > > software on dc to track it down, but probably not worth the headache
> > > to install/configure/reboot, etc. Good luck. --Steve
> > >
> > > "Phil" <pmarg@charter.net> wrote in message
> > > news:Xns9378795BA6DF7pmargcharternet@65.82.44.187...
> > >> Thanks Steve. Unfortunately, even though I am sys admin of our
> > >> location, I don't have access to the router. I've tried getting the
> > >> password from net ops, but this is guarded like gold (I guess their
> > >> afraid I'd mess up their settings). I've tried getting them to take
> > >> care of this, but to no avail. This may end up being an "oh well"
> > >> issue, unless there is some way I can extract the IP from the
> > >> information I am getting in the security logs.
> > >>
> > >> -Phil
> > >>
> > >> "Steven L Umbach" <sumbach@ameritech.net> wrote in
> > >> news:H%uva.12481$%_3.6492091@newssrv26.news.prodigy.com:
> > >>
> > > >> > If possible, configure specific traffic logging as traffic comes into
> > > >> > your network through the router - possibly you have a firewall
> > > >> > there? If so make sure the time is in sync with your domain
> > >> > controllers and log traffic to your domain controllers from outside
> > >> > your network - especially on ports 139 and 445. Then match up your
> > >> > firewall or router logs to the time that the events appear on your
> > >> > domain controllers. If events happen in some sort of pattern you
> > >> > may get lucky and find address by a ping hostname or tracert
> > >> > hostname at the right time. --- Steve
> > >> >
> > >> > "Phil" <pmarg@charter.net> wrote in message
> > >> > news:Xns9377E23409B50pmargcharternet@65.82.44.187...
> > >> >> "Stanimir Vasic" <stanimir.vasic at src.si> wrote in
> > >> >> news:OLk9I41FDHA.2296 @TK2MSFTNGP12.phx.gbl:
> > >> >>
> > >> >> > You could check also dhcp database, if you are using dhcp.
> > >> >> >
> > >> >>
> > > >> >> This computer is not in our network. It is on the other side of our
> > > >> >> router
> > >>
> > >
> > >
> >
> >
>
>
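
The log-matching approach suggested in this thread (log inbound port 139/445 connections, then line them up with the audit events by time), as an added example that is not part of any poster's message. The log formats, IP addresses and timestamps are constructed, and the clocks of both log sources are assumed to be in sync:

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data (not from the thread): firewall log lines are
# "date time src_ip dst_port", audit events are "date time workstation_name".
FIREWALL_LOG = """\
2003-05-23 08:01:02 10.1.4.17 139
2003-05-23 08:01:40 10.2.9.33 80
2003-05-23 09:15:27 10.1.4.17 445
2003-05-23 09:15:31 10.3.7.8 139
2003-05-23 11:42:10 10.1.4.17 139
"""
AUDIT_LOG = """\
2003-05-23 08:01:03 COMPUTERX
2003-05-23 09:15:29 COMPUTERX
2003-05-23 11:42:11 COMPUTERX
2003-05-23 09:15:32 OTHERPC
"""
SMB_PORTS = {139, 445}
FMT = "%Y-%m-%d %H:%M:%S"

def parse(text):
    """Yield (datetime, remaining fields) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            date, time, *rest = line.split()
            yield datetime.strptime(f"{date} {time}", FMT), rest

def candidates(fw_text, audit_text, name, window_s=5):
    """Rank source IPs seen on 139/445 within window_s of each audit event for name."""
    window = timedelta(seconds=window_s)
    conns = [(ts, f[0]) for ts, f in parse(fw_text) if int(f[1]) in SMB_PORTS]
    hits = Counter()
    events = 0
    for ev_ts, f in parse(audit_text):
        if f[0].upper() != name.upper():
            continue
        events += 1
        # Count each IP at most once per event so a chatty host is not over-weighted.
        for ip in {ip for ts, ip in conns if abs(ts - ev_ts) <= window}:
            hits[ip] += 1
    return events, hits.most_common()

if __name__ == "__main__":
    events, ranked = candidates(FIREWALL_LOG, AUDIT_LOG, "computerX")
    for ip, n in ranked:
        print(f"{ip}: matched {n} of {events} events")
```

An address that matches every event for the name is the strong candidate; one that matches only once is more likely coincidental traffic in the same window.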


