I'm trying to find a computer that has a certain IP address on our internal network. I have identified the computer name from DNS, but in this case it does not help me.
Just wondering if I can somehow tie the IP to a switch port, and track it from there? If so, how?
Given an IP address, you should be able to find the MAC address of the corresponding host.
On both Windows and Linux will show you the arp cache of that host, mapping IPs to MAC addresses. (Note that this will need to be run on a machine that is on the same IP subnet as the machine you are trying to find).
Once you have the MAC address, log on to the switch you suspect the rogue host is connected to, and search the MAC address table for that address. (The MAC address table is also called the bridging table, or the CAM table).
For example, on Cisco IOS based switches, the following command:
Will show you the port that a given MAC address was last seen on. If the resulting port is a link to another switch, log on to that switch and run the command again. Repeat until you end up with a host port, and you should have your culprit.
Note that this approach will only work if you have a managed switch that allows its MAC address table to be queried. Failing that, it's going to be a case of manual elimination; find each port that you know isn't the rogue machine, until you're left with one port you can't account for. Good luck.
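The trace described in the answer above, as an added example that is not part of the original post: it reads arp -a style output in the Windows and Linux notations, normalizes the MAC address, and follows it through each switch's MAC address table until it reaches a port with no known uplink. The sample output, the switch names and the uplink map are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}"
                    r"|(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}")

def normalize_mac(text):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", text.lower())

def mac_for_ip(arp_output, ip):
    """Return the MAC listed for ip in `arp -a` style output, or None."""
    # Lookarounds stop 10.0.0.4 from matching inside 10.0.0.42.
    exact_ip = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    for line in arp_output.splitlines():
        mac = MAC_RE.search(line)
        if mac and exact_ip.search(line):
            return normalize_mac(mac.group())
    return None

def port_for_mac(table_output, mac):
    """Return the port column (last field) of the row holding mac, or None."""
    for line in table_output.splitlines():
        found = MAC_RE.search(line)
        if found and normalize_mac(found.group()) == mac:
            return line.split()[-1]
    return None

def trace(mac, tables, uplinks, switch):
    """Follow mac from switch to switch until a non-uplink port is reached."""
    path = []
    while switch in tables and len(path) < len(tables):  # bound guards loops
        port = port_for_mac(tables[switch], mac)
        if port is None:
            break
        path.append((switch, port))
        switch = uplinks.get((switch, port))  # None once we hit a host port
    return path

# Constructed sample data (not from a real network).
ARP_WINDOWS = """Interface: 10.0.0.5 --- 0xb
  Internet Address      Physical Address      Type
  10.0.0.4              00-11-22-33-44-55     dynamic
  10.0.0.42             00-1a-2b-3c-4d-5e     dynamic"""
ARP_LINUX = "? (10.0.0.42) at 00:1a:2b:3c:4d:5e [ether] on eth0"
TABLES = {  # hypothetical switch names -> MAC address table text
    "core": "  10    001a.2b3c.4d5e    DYNAMIC     Gi0/24\n"
            "  10    0011.2233.4455    DYNAMIC     Gi0/1",
    "access1": "  10    001a.2b3c.4d5e    DYNAMIC     Fa0/7",
}
UPLINKS = {("core", "Gi0/24"): "access1"}  # assumed known inter-switch links
```

The last entry of the returned path is the host port; an empty path means the starting switch has not learned the address.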
As others have mentioned, there is no direct way to determine what IP is connected to a certain switch port. The reason is that an Ethernet switch works at L2 of the OSI Model, and typically does not inspect higher level layers (Layer 3 -> IP Address). (There are some exceptions in newer hardware)
One important note, to use the ping / ARP trick you'll need to use a device on the same VLAN or subnet as the device you are searching for. Otherwise, you will only see the MAC address of the default gateway in the ARP table.
Here's the procedure I recommend, if possible.
Source and Destination on the same VLAN
Source and Destination on different VLANs
Check the ARP cache on your switch(es) to find the MAC and Switch Port associated with that IP of the device. These articles should help you:
You didn't specify which operating systems you have available to you on the network, but most of them have an arp command. You can use the arp command to find out what the MAC address is of a host with a given hostname (assuming you are on the same network as the host).
Then you have to check in the ARP caches of your switches to find what port that MAC address is on.
There is no 1:1 mapping between physical interfaces and IP addresses. One port on a switch may handle traffic for many machines (if another switch is daisy chained), and one switch port may forward traffic for more than one IP (if the machine is multi homed).
If you have a sufficiently advanced switch you can look in the management screens of the switch to see if it lists MAC addresses that it has heard on a particular port.
Alternatively, assuming the computer you wish to find isn't too far away (logically) you could try sending a large amount of traffic to it, say ping -f, which should allow you to trace the port the machine is on by looking at the activity lights.
If the switch supports SNMP, you can get MAC table information remotely, which should have the mapping of physical port and MAC address connected to the port.