Question about IP address and tracking (1 Viewer)

[Luc]

OK, our company assign each one of us an IP address. One day while being on the web, I got a message saying that some other computer is using the same IP address. Checking whether that's possible, I went to the computer next to me and enter its IP address as mine and it's fine so I know it's possible that someone is using my IP address.
We have an IT person and I asked him who else is using my IP address. He doesn't know. All he can do is check to see if he assigned the same IP address to more than one person.
So my question is this: I thought the guy who's in control of giving us the IP address and running our server can see everything like who's computer is using which IP address when and where. If he can't keep track of that, then how can he keep track who is doing what (I mean if there's illegal things going).
Can't the IT person just look at a particular IP address and know where that IP address has been? And can't he know that the IP address is coming from more than one computer if someone is infact using my IP address? If he can't then someone can get me in big dodo using my IP address right?
Anyway, our IT guys don't have an answer for me. He just ask me to see if it goes away .

 

[Matt Stryker]

I think I know the ad you're talking about, and all it says is that "Your computer is broadcasting an IP address; someone can use that to hack your computer!" . What a bunch of BS. Thats equivalent to "Your house has a street address! Someone could rob you!".

Having the same IP as someone else on an open network is very bad, because other computers on the network have no way of knowing who is who. If you think someone else is using your IP, the easiest way to find out is to completely shut down your PC, and then go to another computer and try to ping your IP (ping xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is your computers IP address). If it responds, it means there is someone else using the same address.

The chance of someone getting you in trouble with your IP address (hacking a site, downloading porn, etc) is possible, but it would much more likely cause a network routing problem before it ever got to that point. Usually duplicate IPs cause both machines to lose IP connectivity.

 

[Luc]

Matt, I know the ad you're talking about. It's very annoying. My problem is not that.

So can they and can't they track the person who could possibly be hoping with people's IP address for whatever reason? Since the message comes and go with sometime over a month without a message that some other computer is using my IP address, I suspect that's what this person is doing. Although the message said that it could disrupt my network connection, it never really has.

Our IT guys make mistakes of giving out the same IP address before but they told me it's not their fault this time.

 

[Joseph DeMartino]

What's actually going on is hard to identify. It depends on where this message is coming from (your internal network or the 'web) and exactly how your internal network is organized.
If this is a message from a website, it is probably a load of crap. Your network is almost certainly behind a firewall, in which case as far as the outside world is concerned, your individual PC doesn't have an IP address. (The rest of the internet only sees the firewall's IP address. You and everyone else in your company look like a single web user.) If it is internal, then there is probably a duplicate IP out there somewhere. But these can, in fact, be hard to track down depending on exactly how your network is configured, what kind of software your IT people have available, and what kind of records they keep of installed PCs and network interface cards.
Your best bet is to wait until the error comes up again and then write down the exact text of the error message. Including the title of the dialogue box. Error messages are there for a reason, and they're worded in a certain way for a reason. This is the single most important step in troubleshooting most computer problems, and the one nobody ever seems to do. They all clear the message and then call tech support, expecting the guy at the help desk to know exactly what they mean when they say something like, "I got that DLL error."
(Sorry for the mini-rant. Pet peeve.)
When you're ready to post that error message, you might want to post it in the computer forum rather than after hours, where you'll probably get help faster.
Regards,
Joe

 

[Joseph DeMartino]

P.S.

Your network admin more likely tracks your computer usage through your log-in than through your IP address. Even when I worked on fixed IP address networks that's what I did, because the IP address a given user is working at is subject to change. If your computer had a problem I might have you log in at the workstation of someone who was off that day while I played with your machine. If I couldn't fix the problem right away I'd slap a similar loaner machine on your desk (which would have its own IP address) and take yours away to fix it. Odds are that once I fixed it, I'd never return "your" machine, but put it in stock to use as a loaner the next time I needed one.

Regards,

Joe

 

[Glenn L]

The other person is probably getting the same pop-up. I can't imagine that it's deliberate. A hacker would not want to draw attention to himself, this is certainly not the way to go about doing that. You either got the IP address wrong, the other person got the IP address wrong, or your network admin is a doofus.

Most places don't have this problem because they use DHCP. You get an address automatically from your network. Other user gets a (different) address automatically as well. No conflicts. It's all spiffy.

As for tracking things down, movies make this seem like it's the easiest thing in the world to find a computer based on its IP.

At the university where I work, networking services can track down any IP address to the wall-jack that it's plugged in to, but that's only because they are *zealots* at keeping track of what wall-jack plugs into which router port. They only allow a handful of people to have access to the wiring closets for just this reason. Even with all this, it can take a few days to find out what room a person used an IP address from (check router logs, then check wiring maps).

Most companies, yours included probably, don't keep track of any of this info, and just let any admin run cables. The result is no one knows what IP goes where.

Depending on what kind of network you're running at work, you may be able to figure something out. If your computers have any kind of naming convention, like if your computer is named after you or named after where it is located, that can help. Under Windows 2k, the 'nbtstat' command can help. Bring up a command prompt (Start Menu->Run->'cmd') and type 'nbtstat -A '. If it works out, you should see the computer's name in the output, and you can go from there.

Good luck.

 

[Seth Paxton]

Yes, for various reasons a lab or small network especially will have a batch of IPs to physically assign rather than DHCP them. SMART admins are keeping a log of these IP handouts so they don't give the same one to 2 different users.

Sounds like you got an internal network message pop up box alerting you to the problem. Why your people don't have a log of IPs...well Joseph already alluded to some reasons.

 

[Joseph DeMartino]

At the university where I work, networking services can track down any IP address to the wall-jack that it's plugged in to, but that's only because they are *zealots* at keeping track of what wall-jack plugs into which router port.

Just to clarify something: IP addresses are not bound to network wiring jacks or ports, unless the netadmin simply decides to number things that way. The IP address is bound to the network interface card inside the computer (or other network component such as a router or a printer.) Plug a different PC into the same network jack and you'll detect a different IP address.

Like I said, depending on the type and sophistication of the tools and software available to your tech people (and the really good stuff is damned expensive and rarely needed, so companies tend not to buy it) they might be able to resolve an IP address to the MAC address of the hardware NIC. Then, if they keep an inventory of MAC addresses, they can get a physical location. Otherwise it is a bit of a pain.

Sounds to me like either a 'net message or they fouled up an IP address and don't realize it. (It is easy to make a typo when setting one up.) Also if they prototype PCs and store images on a server using Ghost or a similar program, every new PC based on that image is going to start out with the same IP address - the one that was on the original prototype machine. If the tech forgets to change this when deploying it, you'll get errors. (Although the tech should catch this while setting up the PC. Still, I've been known to miss this kind of thing when setting up a lot of machines in one day.)

But if there are two machines with the same IP address being used on the network, whoever turns on the PC and tries to log-in second is going to get the error message. That means your IT department should eventually get a call from someone else with exactly the same problem. They just have to compare the two IP addresses to confirm that they're the same and then change one of them.

Something I just remembered: If you don't log out and shut down normally (if the power goes out, or you kick the plug loose), the network may not "see" that your computer is off-line. I've seen cases where someone turns off the PC, or knocks the network cable loose, then immediately tries to reconnect. When they do, they get a duplicate IP address error because the routing table hasn't updated itself in the interim and it still sees your original connection as being active. The "fix" is to shut the PC down, wait a few minutes, then try again. I could see this happening if you've got some kind of loose or damaged network cable, or if your PC locks up and you have to reboot.

Regards,

Joe

 

[Leila Dougan]

It's this very reason why at the University I used to work at we always recorded the hardware address of every NIC we assigned an IP to. We've had instances where two people were trying to use the same IP, sometimes intentionally sometimes not. Since it's easy to get the hardware address from an IP, we instantly knew exactly what computer was part of the problem. Of course it can be tough to keep track of so much data, but once a system is in place to do so, it really simplifies things down the line.