Friday, May 8, 2009

Find hosts by their MAC address

I've been having an IP conflict issue on my network, and it happens to only affect my Exchange server of all things. In the event log it provides a MAC address and that's it, which makes it a little more difficult to locate the other computer having an issue. But more difficult doesn't mean impossible. Here's how you can search your network by a known MAC address to figure out which machine the MAC is attached to, at least from a Windows machine.

I'm going to assume you and the offending machine are located on the same network, which is 192.168.1.0/24.

1. Open up a command prompt
2. Type ping 192.168.1.255, then press Enter. This will ping the broadcast address, essentially getting a response from every computer on your 192.168.1.0/24 network
3. Now use arp -a > C:\arp.txt to output the content or your ARP table to a text file named arp.txt on your C drive
4. Close the command prompt
5. Open up your arp.txt file
6. Go to Edit->Find...
7. Type in the MAC address you want to find, in the same format as what's in the file (XX-XX-XX-XX-XX-XX)
8. If the MAC address is not found, then that host is not on your network. Assuming it is found, you will then know the IP address of the machine you're looking for
9. Take that IP address to your DHCP server and lookup the host attached to it

If there's a quicker way to do this, please go ahead and post in the comments or provide a link. However, this will work so it you don't have another way of doing it, at least you know how you can now.

I ended up finding that one of the wireless access points was handing out addresses via DHCP that overlapped a block of statically configured IP address, which was easy enough to change.

No comments: