Check all the active IP addresses on a switch

Question

I have a small LAN network.

Each table has a switch, and the laptops are connected to that switch.

There is a host which is using a large amount of the Internet bandwidth, and I would like to find out which one. I have that user's IP address (the guy who is using large amount of bandwidth), but there are many computers, so I cannot see to whom that IP address belongs.

Is there a way I can find the list of IP addresses connected to a switch (may be Unix command), so that I can visit each desk, run a command, and check all the active IP addresses (computers) connected to that switch, and based on that I can find out to which switch that specific IP address is connected?

This seems more a general networking question than a Linux one. — Rui F Ribeiro, Mar 22 '16 at 13:32
Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you can post and accept your own answer. — Ron Maupin, Jan 04 '21 at 22:59

Ron Maupin · Answer 1 · 2016-03-22T18:20:52.470

Switches will know the MAC addresses, but not the IP addresses.

Switches are layer-2 devices, and the ethernet headers contain MAC addresses. A switch will create and maintain a MAC address table, which relates each MAC address with the port to which the device with that MAC address is connected.

IP is a layer-3 protocol, and IP addresses are in the packet headers, which are encapsulated inside the ethernet frame. A switch doesn't strip off the frame to look at the IP headers (router do that).

You need to relate the IP address to the MAC address. This is what ARP does. You can ARP with the IP address to discover the MAC address. Then, if your switch models have commands to do this, display the MAC address table of each switch to discover to which port the MAC address is connected. If the switches are all connected together, you may find the MAC address on a port which connects to a different switch, and you would then need to move to the switch on the connection and repeat the process until you find a host port.

Ok - if I can get mac address from a switch that would be enough. Is there a command for unix that will so mac address connected to that switch ? — tranmaster, Apr 04 '16 at 15:28

score 2 · Answer 2 · answered Mar 23 '16 at 03:20

Can you manage your switches?? Let me explain, can you log in into your switches and write commands on it?. If you can do that, you can, eg, ping from your PC to the IP address that is eating your bandwidth, then, like someone said before, check:

arp -a

that must shown tuples on the form of IP --- MAC:

x.x.x.x ----- xxxx.xxxx.xxxx

The on switches, you can check by commands by what port switches learn that MAC, and get into the wire until you get what you want.

Remember: This is only possible if you have switches with managment capabilities.

score 1 · Answer 3 · answered Mar 22 '16 at 13:03

1

Unix command for listing ip addresses on a network segment

arp -a

NMAP command to list (most of) computer in an IP range

nmap -sP 192.168.1.0/24

Switches cannot be seen on network, since it is a transparent device.

answered Mar 22 '16 at 13:03

MUY Belgium

111
2

I can see the IP, its in our LAN but is there a way I can locate where this computer might be? Is there a way to get a computer name, or some personal info based on his IP, so i can detect who the person might be. I can see the hostname but its named as 'AAABBB' which does not help. – Mar 22 '16 at 13:18
If you have the MAC and IP address, try searching a MAC Vendor Lookup to see who made the Ethernet chipset. It might narrow down what you're looking for, unless all the systems in that lab are exactly the same. Otherwise, you'll need to search by machine. Alternately, you can block all traffic for that port and see who complains. – Mar 22 '16 at 13:25
getting the MAC and going switch to switch to find which switch and which port...there are several ways of finding it out. – Rui F Ribeiro Mar 22 '16 at 13:28

score 0 · Answer 4 · answered Nov 06 '18 at 17:53

You can map the IP address to a MAC address easilly enough, just look at the arp table in the router or another host on the lan that has attempted to communicate with the problem host. On most systems you view the arp table with the arp command.

The big question is do your switches have any form of management capability. If they do then you should be able to log into the switches and view which MAC addresses are associated with which ports.

If they don't then you are in a much less rosy position. You may have to resort to brute force tactics like pinging the problem machine and then unplugging network cables from the central switch one at a time until the pings stop.

Check all the active IP addresses on a switch

4 Answers4