We often need to physically locate a host on a large network starting from only its IP address. Assume that the device is correctly configured and live on the network.

The steps are:
· Check the ARP table for the device if it is directly connected.
· Find the device's MAC address if it is on a routed segment.
· Log into the connected device and locate the host.

Directly Connected:
· Log into the last hop before the device itself and check the ARP cache for the device.
· Ping the host IP from the gateway device (ARP entries time out at a specific interval; ICMP traffic refreshes them) and check the ARP table for the device. Command to check:
#show ip arp | include <IP address>
#show ip arp | include 10.20.30.40
· From the ARP table, get the MAC address of the host IP and look up the port it was learned on. Command to check:
#show mac-address-table address 0009.5432.7654
· If the MAC is learned through a trunk interface, log into the connected device and check the MAC address there to locate the host. Commands that may be required:
#show cdp neighbors
#show mac-address-table address 0009.5432.7654
· Repeat this step until the answer points to a host.

Routed Segment:
· Check the route table to identify whether the host is routed or connected. Command to check:
#show ip route <host ip>
#show ip route 10.20.30.40
· If it is routed, find the MAC of the routed device (gateway device) and get the MAC address to locate the host.
· Log into the last hop and locate the host.
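
The hop-by-hop trace described above can be scripted once the command output has been collected. The following is an added example, not part of the original post: the device names (CORE-GW, DIST-SW1, ACCESS-SW1), the ports and the sample output lines are constructed, and the output layout is assumed to follow the usual IOS column order.

```python
import re

# Constructed sample CLI output per device (illustrative, not from a real network).
OUTPUT = {
    "CORE-GW": {
        "arp": "Internet  10.20.30.40   12   0009.5432.7654  ARPA   Vlan30",
        "mac": "  30    0009.5432.7654    DYNAMIC     Gi1/0/24",
        "cdp": "DIST-SW1     Gig 1/0/24     150     S I   WS-C3750  Gig 1/0/1",
    },
    "DIST-SW1": {
        "mac": "  30    0009.5432.7654    DYNAMIC     Gi1/0/12",
        "cdp": "CORE-GW      Gig 1/0/1      140     R S I WS-C6509  Gig 1/0/24\n"
               "ACCESS-SW1   Gig 1/0/12     160     S I   WS-C2960  Gig 0/1",
    },
    "ACCESS-SW1": {
        "mac": "  30    0009.5432.7654    DYNAMIC     Fa0/7",
        "cdp": "DIST-SW1     Gig 0/1        170     S I   WS-C3750  Gig 1/0/12",
    },
}

def norm_if(name):
    # 'Gig 1/0/24' (CDP) and 'Gi1/0/24' (MAC table) both become 'gi1/0/24'.
    m = re.match(r"([A-Za-z]+)\s*([\d/]+)", name.strip())
    return (m.group(1)[:2] + m.group(2)).lower() if m else name.strip().lower()

def arp_lookup(text, ip):
    m = re.search(rf"^Internet\s+{re.escape(ip)}\s+\S+\s+([0-9a-f.]{{14}})", text, re.M | re.I)
    return m.group(1).lower() if m else None

def mac_port(text, mac):
    m = re.search(rf"{re.escape(mac)}\s+\S+\s+(\S+)", text, re.I)
    return norm_if(m.group(1)) if m else None

def cdp_neighbors(text):
    rows = re.findall(r"^(\S+)\s+([A-Za-z]+ [\d/]+)\s+\d+", text, re.M)
    return {norm_if(port): dev for dev, port in rows}

def locate(ip, gateway, output=OUTPUT):
    # ARP on the gateway gives the MAC; then follow it switch by switch.
    mac = arp_lookup(output[gateway]["arp"], ip)
    device, path = gateway, []
    while mac and device and device not in dict(path):
        port = mac_port(output[device]["mac"], mac)
        if port is None:
            return None  # MAC aged out of this switch's table
        path.append((device, port))
        device = cdp_neighbors(output[device]["cdp"]).get(port)  # None: edge port
    return (mac, path) if mac else None
```

The trace stops at the first port that has no CDP neighbour, which is where the host is plugged in. A return value of None means the ARP or MAC entry has aged out and the host should be pinged from the gateway before retrying.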