I have a 192.168.n.100 IP address according to my Netgear router. But the SBS 2008 server does not show it on the address leases. How can I find out who this is. The page navigates as a blank page in IE with a frameset. Many thanks for your time.

Try doing a 'ping -a 192.168.n.100' in a command prompt and that will return the dnsname of the device.If you found this post helpful, please "Vote as Helpful". If it answered your question, remember to "Mark as Answer". Rich Prescott | MCITP, MCTS, MCP [Blog] Engineering Efficiency | [Twitter] @Rich_Prescott | [Powershell GUI] Client System Administration tool

hi, i understand you found in the logs on teh netgear that there is traffic from 192.168.n.100, while the Ip is not assigned by your sbs (dhcp server)? I see 2 possible causes: a computer on the network is configured to use a fixed IP (not dhcp) your router has still dhcp enabled (or another rogue dhcp is available) Finding out which computer/user this is, can be quite hard, depending on the privileges you have on the remote machine (if you have admin you can use any remote admin tool). Some ideas to get more info on a computer you cannot logon to and do not know the location of: use nslookup to determine whther the computer registered itself in your dns to find out hostname use nbtstat to check if the hostname is available in netbios using ping and arp (only possible on the same subnet) to determine the MAc adress of the device (this can lead you to the NIC manufacturer) use a network capturing app (netmon, wireshark) to capture network traffic to determine _a lot_ (up to passwords for mailboxes etc), be carefull as this might be illegal. use switch and cable info to determine the physical location of a wired device use a laptop or other portable device with wireless monitorign tools (Kismet, airmon-ng,...) to determin the signal strength of a wireless client. In most cases just walking around with th monitoring tool live, will give a pretty decent idea of where the client is located. MCP/MCSA/MCTS/MCITP

Try doing a 'ping -a 192.168.n.100' in a command prompt and that will return the dnsname of the device. ...if the reverse lookup record for the device is registered in dns.MCP/MCSA/MCTS/MCITP

_____

OK, thanks, it announces itself as "KMBT...". I'll have to go away and find what it is.Many thanks for your time.