-
December 13th, 2016, 10:52 AM
#16
Thank you HAN. It looks like I will have to do as you suggest and start from the beginning.
I think you are correct that I have some device running a fixed IP in the 168.1 range. I was hoping to find a better way to find it.
Your last line explains exactly my concern, if in fact it is something I do want on my LAN and not an intruder.
This thing has more bugs than a big city flop house.
-
December 13th, 2016, 01:28 PM
#17
As jdc2000 mentioned, one of them seems to be an HP printer. Do you have an HP printer or not? If so, does it have wireless capabilities?
The 192.168.1.x devices are probably looking for an ad hoc connection (no router). You've determined that one is a Roku. Do you have any other WiFi devices like that? I already mentioned "smart" TVs also.
-
December 13th, 2016, 02:00 PM
#18
I do have an HP printer with wireless. It has an IP of 192.168.2.107. I just did another netscan and the printer does show up with this IP.
Apparently the printer was offline when I did the scan previously posted but still powered on.
No smart TVs.
I am in the process of shutting down all of my networked items and re-scanning to try to determine the source.
This thing has more bugs than a big city flop house.
-
December 14th, 2016, 01:16 AM
#19
Well that was a real PITA! But after all of that I have determined that the 192.168.1.*** IPs are actually coming from my ISP.
I went in the opposite direction than HAN suggested. It just seemed to be the best route for me. I started by disconnecting networked items one at a time and re-scanning. I found items on my LAN that I did not even think about. My OHD opener is network connected, shop thermostat, one of my Harmony TV remotes. So I eventually got to the point where all that was connected was my host router to my computer by ethernet with the WIFI shut off in the router. The scan then showed only the computer IP-192.168.2.143 and the three 192.168.1.1, 192.168.1.120, and 192.168.1.184. So apparently the IPs are part of the ISP's fibre optic network.
Does that sound correct? Should I call the ISP and question them about this? This is a small local telecom so it may be a chore to actually talk to someone with in-depth experience with this type of question.
Or am I on the wrong path again?
This thing has more bugs than a big city flop house.
-
December 14th, 2016, 01:21 AM
#20
Ok take a look.
from the cmd prompt
ipconfig -all
And see what it says.
-
December 14th, 2016, 09:39 AM
#21
Here is my IP config,
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>ipconfig -all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Dell2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : walnutel.net
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : walnutel.net
Description . . . . . . . . . . . : Dell Wireless 1705 802.11b|g|n (2.4GHZ)
Physical Address. . . . . . . . . : 90-48-9A-00-84-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 12-48-9A-00-84-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : walnutel.net
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : B8-2A-72-A4-72-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f571:5470:2294:eb88%6(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.143(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, December 14, 2016 1:12:22 AM
Lease Expires . . . . . . . . . . : Thursday, December 15, 2016 1:12:21 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 62401138
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-2D-5A-D9-B8-2A-72-A4-72-0C
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 90-48-9A-00-84-CA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:2854:193c:87f:324:5871:16c(Preferred)
Link-local IPv6 Address . . . . . : fe80::87f:324:5871:16c%5(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 318767104
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-2D-5A-D9-B8-2A-72-A4-72-0C
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.walnutel.net:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : walnutel.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\WINDOWS\system32>
I am unsure of the last two "Tunnel adapters".
Walnutel is my ISP.
This thing has more bugs than a big city flop house.
-
December 14th, 2016, 12:23 PM
#22
That looks fine.
I was able to bypass all the routers and connect straight to the modem wired, and that gave me the IP numbers, which were 192.168.1.xx
Yes, they were using private numbers in that area. Don't think you can do that with your combined router/modem.
-
December 14th, 2016, 12:47 PM
#23
I talked to a tech at my ISP today. He checked and said that he did not see anything on his end.
He should not see anything on his end anyway should he? All he should see is my WAN IP, and any traffic. Correct?
He had me ping and traceroute the .1's and they do ping and I am able to traceroute them. He suggested that maybe the .1's were in the router itself as a default IP.
Sounds possible, but doubtful to me. My routers are Linksys WRT's that have been flashed with DD-WRT firmware. Pretty sure when I flashed them that would have removed all previous firmware and I have never read anything about the DD-WRT firmware having this issue.
He did tell me that he was unsure what was going on. All he could do is guess, but he would try to do some research. Helpful guy, but this seems to be a new one for all.
This thing has more bugs than a big city flop house.
-
December 14th, 2016, 02:40 PM
#24
192.168.1.1 sounds like a default router IP. Normally, you shouldn't be able to access 192.168.1.x from 192.168.2.x unless some forwarding was set up. Very strange.
How many routers do you have? I'm assuming you set all of their IPs to be within the 192.168.2.x range.
-
December 14th, 2016, 02:57 PM
#25
I have three routers in the network. My ISP comes into my "Host router" that serves as a DHCP server, then two others connected to it. All in the 192.168.2.x range.
No forwarding that I am aware of, although I do have a Windows Home Server that has web access. But it has not been powered up for several months. It is getting "aged" and I am deciding how to replace it. Leaning towards a NAS that can be used as a "Cloud" which adds to the concern I have with making sure I do not have network issues now before I add something new.
This thing has more bugs than a big city flop house.
-
December 14th, 2016, 03:18 PM
#26
So if you disconnect the ISP's modem, do you still see the 192.168.1.x subnet?
If anything, I'd guess the ISP's modem/router is forwarding from 192.168.2.x (your network) to 192.168.1.x (the ISP's network).
your network > 192.168.2.1 (your router) > ISP modem (192.168.1.1?) > ISP network
Does your ISP have a forum? Maybe someone else has encountered the same issue?
-
December 14th, 2016, 03:39 PM
#27
There is no modem. My ISP is fiber optic, it comes into a demark enclosure where it is split into telephone, TV (aka Cable) and my internet service. From the demark into the house I have a Cat 5, maybe 6 that is plugged directly into my router.
I talked to the ISP tech and he says that they do not have anything in the service that would be in the 192.168.1.1 range.
Small town in Iowa. Walnut Telecom, Walnut, Iowa. No forum. We do have corn and cows though! And cold, lots of cold today.
This thing has more bugs than a big city flop house.
-
December 14th, 2016, 03:41 PM
#28
In your discussion with the ISP tech, did he say that the ISP assigns customers unique routable IP addresses or do they have a core grouping of routable addresses coming into them and they then NAT traffic to the customers via something like 10.x.x.x, 172.16.x.x or 192.168.x.x?
"So if you disconnect the ISP's modem, do you still see the 192.168.1.x subnet?"
Excellent question. If you don't, then it points to the main router??
I still keep wondering if something's not hard coded to static 192.168.1.x IP addresses too.
-
December 14th, 2016, 08:09 PM
#29
Bypass all the routers and do an ipconfig -all
-
December 14th, 2016, 10:51 PM
#30
OK this is starting to get interesting. I seem to have sparked some interest so I did more testing. As suggested I did get around to testing directly from the ISP to my computer. But first here are some preliminary tests,
First from my laptop wireless with network as "normal"
1st Scan Wireless normal useage.PNG
Next with ISP incoming disconnected from Host router. This is what I would expect to see if I did not have this concern.
2nd Scan ISP disconnected from Host router.PNG
Now this is a scan with the ISP connected directly to my laptop. I did an ipconfig/release before plugging in the cable. Then ipconfig/renew after plugging in. This is a capture of the scan. The actual scan showed 508 live connections. I saved the scan if interested. But it seems to show that the .1.xxx range does in fact come from the ISP.
Capture33.PNG
Here is the cmd prompt of the ipconfig,
Deleted. It showed my WAN IP. If needed I can post, but will erase WAN IP.
Last edited by Ron Rockwell; December 14th, 2016 at 11:16 PM.
Reason: Deleted cmd attach
This thing has more bugs than a big city flop house.
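Added example, not part of any post in this thread: the subnet check that posts #24, #26 and #28 reason through by hand, run over the ipconfig values from post #21 and the addresses the scans reported. The function names and the trimmed ipconfig sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the ipconfig output posted in #21.
IPCONFIG = """\
Ethernet adapter Ethernet:
   IPv4 Address. . . . . . . . . . . : 192.168.2.143(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
"""

# Addresses the scans in this thread reported as alive.
SCAN_HITS = ["192.168.2.143", "192.168.2.107", "192.168.1.1",
             "192.168.1.120", "192.168.1.184"]

# The private ranges listed in post #28 (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def local_interface(ipconfig_text):
    """Return (IPv4Interface, gateway) for the first adapter with an IPv4 address."""
    def field(label):
        m = re.search(rf"{label}[ .]*: ([\d.]+)", ipconfig_text)
        return m.group(1) if m else None
    addr, mask, gw = field("IPv4 Address"), field("Subnet Mask"), field("Default Gateway")
    if not addr or not mask:
        raise ValueError("no IPv4 address/mask found in ipconfig output")
    return ipaddress.ip_interface(f"{addr}/{mask}"), gw


def classify(hit, iface):
    """Say how this PC reaches a scanned address."""
    ip = ipaddress.ip_address(hit)
    if ip in iface.network:
        return "on-link"           # same subnet: reached directly on the LAN
    if any(ip in net for net in RFC1918):
        return "private-off-link"  # private, but only reachable via the gateway
    return "public"


def report(ipconfig_text, hits):
    iface, _gw = local_interface(ipconfig_text)
    return {h: classify(h, iface) for h in hits}


if __name__ == "__main__":
    for host, kind in report(IPCONFIG, SCAN_HITS).items():
        print(f"{host:15} {kind}")
```

Any "private-off-link" address that answers a ping was forwarded by the default gateway, so it sits on the far (WAN) side of the host router or on a device answering for that range, not on the 192.168.2.x LAN itself.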