Tracing unknown IP addresses?

FeedTheDogg · 05-19-2007, 03:47 AM

Is it possible to find out who is on your network, we have been having internet security related problems and would really like to know who/where the individuals on our network are. we have a program that protects our network, but it doesn't tell us who is who unless they have a name, (like my computer is HIPPY.) Anyways, does anyone know what i should do?

Lrrpie-CT · 05-19-2007, 08:11 AM

Are you trying to track public or private IP traffic?

Painthappy · 05-19-2007, 11:01 AM

Each computer on your network SHOULD have it's own IP address. If you are running on a private network, and running through a router.

Either 10.0.0.2 or 192.268.1.2 something like that.... And those last numbers will change and be different. This is how the router knows what computer to send the open port information towards.

Externally it should be even easier.

Internally... Outside your internal network, it will look like they all have the same IP as it is giving you the Router IP.

Now I don't know what information you have at your finger tips.

To find out your computer's IP... Go to

Start --> Run --> type in "command"

in the command line, type "ipconfig"

This will get you your IP address.... For the computer name... you can type in "netstat" and that will give you the open ports and how they're being routed to that computer.

There are OTHER ways and better ways, but I won't toss a deluge of info at you without some more specifics.

Carter

Lrrpie-CT · 05-19-2007, 04:37 PM

If you want to get a comprehensive list of hosts and services running on your internal network, dowload a demo version of Languard network security scanner from GFI at: Network Security Scanner and Port Scanner

There are some freebie utilities like angry ip scanner (google it) but many won't probe to see what services are listening on an IP address. Of course a good software firewall will kill a port scanner.

If you use a DHCP server on your network, it should maintain a list of DHCP client hosts and their corresponding IP addresses.

Also, depending on what kind of equipment you have, many intelligent switches keep track of MAC addresses and other corresponding info that you can view. This can be very useful in that a PC can mask its IP address but it needs to register a MAC address with the network in order to operate on the network.

Kindred · 05-19-2007, 10:16 PM

Can you be a little more specific about where you think you're being compromised? ...and a little info about your network?

There are a LOT of tools, utilites, and just basic good practices we can suggest, but rather than flood you with info you may not be ready for, a little background might help us narrow things down a bit.

FeedTheDogg · 05-19-2007, 10:28 PM

basically we are on a wireless network. We really think it could just be a neighbor using our router but we also are overly alerted by our security programs....I don't know....its kinda lame, we get all these programs to alert us and no knowledge about what it means.

Mstrtal · 05-19-2007, 10:30 PM

Not to confuse the issue further but you can clone a MAC addy. I had to do it when I lived at the university and didn't want to go threw the hassle of un-registering my old PC and registering my new PC after I built it. Not becouse I was trying to be clever or screw the University but becouse I didnt want to wait 2 weeks to have them permit me access.

Wycke · 05-20-2007, 12:04 AM

Quote:

Originally Posted by FeedTheDogg

basically we are on a wireless network. We really think it could just be a neighbor using our router but we also are overly alerted by our security programs....I don't know....its kinda lame, we get all these programs to alert us and no knowledge about what it means.

Software doesn't solve problems unless you know how to use it. Can you be more specific about the software you're using and what kind of alerts you're getting? Most security-type software has several basic "levels": "Low" (insecure), "Medium" (moderately secure), and "High" (paranoid). Some default to paranoid out of the box. Paranoid is annoying, so most folks drop down to "Medium". That still throws out quite a few alerts, so they eventually drop it to "Low". So, they end up in a situation like you, where they've paid cash money for hardware or software to make their network more secure, only to disable or minimize the level of protection it provides.

Lrrpie-CT · 05-20-2007, 10:21 AM

Quote:

Originally Posted by Mstrtal

Not to confuse the issue further but you can clone a MAC addy. I had to do it when I lived at the university and didn't want to go threw the hassle of un-registering my old PC and registering my new PC after I built it. Not becouse I was trying to be clever or screw the University but becouse I didnt want to wait 2 weeks to have them permit me access.

True. But if the IT department banned your MAC address, cloned or not, you'd be off the network. I've never tried to list identical MAC addresses concurrently, but I can't imagine it would work very well.

Lrrpie-CT · 05-20-2007, 10:23 AM

Quote:

Originally Posted by FeedTheDogg

basically we are on a wireless network.

That says it all!

05-19-2007, 03:47 AM	#1 (permalink)
FeedTheDogg Active Member Join Date: Jul 2006 Location: Carlsbad, CA	Tracing unknown IP addresses? Is it possible to find out who is on your network, we have been having internet security related problems and would really like to know who/where the individuals on our network are. we have a program that protects our network, but it doesn't tell us who is who unless they have a name, (like my computer is HIPPY.) Anyways, does anyone know what i should do?

05-19-2007, 11:01 AM	#3 (permalink)
Painthappy I Am The Admin Join Date: Mar 2006 Location: New Boston, NH	Each computer on your network SHOULD have it's own IP address. If you are running on a private network, and running through a router. Either 10.0.0.2 or 192.268.1.2 something like that.... And those last numbers will change and be different. This is how the router knows what computer to send the open port information towards. Externally it should be even easier. Internally... Outside your internal network, it will look like they all have the same IP as it is giving you the Router IP. Now I don't know what information you have at your finger tips. To find out your computer's IP... Go to Start --> Run --> type in "command" in the command line, type "ipconfig" This will get you your IP address.... For the computer name... you can type in "netstat" and that will give you the open ports and how they're being routed to that computer. There are OTHER ways and better ways, but I won't toss a deluge of info at you without some more specifics. Carter __________________ Focal point of a distant gaze MCB Rules - Please Read them MySpace.com/painthappy - MySpace Blog PM me or Email me if you have tips, paintball news, or press releases.

05-19-2007, 10:16 PM	#5 (permalink)
Kindred Mod & Underwear Model Join Date: Mar 2006 Location: Neshanic Station, NJ	Can you be a little more specific about where you think you're being compromised? ...and a little info about your network? There are a LOT of tools, utilites, and just basic good practices we can suggest, but rather than flood you with info you may not be ready for, a little background might help us narrow things down a bit. __________________ Strive for that moment when you're only a slice of pizza and a hooker away from paradise.

05-19-2007, 08:11 AM	#2 (permalink)
Lrrpie-CT See Matt Mod. Join Date: Mar 2006 Location: Bethlehem CT	Are you trying to track public or private IP traffic?

05-19-2007, 04:37 PM	#4 (permalink)
Lrrpie-CT See Matt Mod. Join Date: Mar 2006 Location: Bethlehem CT	If you want to get a comprehensive list of hosts and services running on your internal network, dowload a demo version of Languard network security scanner from GFI at: Network Security Scanner and Port Scanner There are some freebie utilities like angry ip scanner (google it) but many won't probe to see what services are listening on an IP address. Of course a good software firewall will kill a port scanner. If you use a DHCP server on your network, it should maintain a list of DHCP client hosts and their corresponding IP addresses. Also, depending on what kind of equipment you have, many intelligent switches keep track of MAC addresses and other corresponding info that you can view. This can be very useful in that a PC can mask its IP address but it needs to register a MAC address with the network in order to operate on the network.

05-19-2007, 10:28 PM	#6 (permalink)
FeedTheDogg Active Member Join Date: Jul 2006 Location: Carlsbad, CA	basically we are on a wireless network. We really think it could just be a neighbor using our router but we also are overly alerted by our security programs....I don't know....its kinda lame, we get all these programs to alert us and no knowledge about what it means.