Do I have uninvited Guests? - Page 2
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 47

Thread: Do I have uninvited Guests?

  1. #16
    Join Date
    Feb 1999
    Location
    Underwood, Iowa, United States
    Posts
    788
    Thank you HAN. It looks like I will have to do as you suggest and start from the beginning.

    I think you are correct that I have some device running a fixed IP in the 168.1 range. I was hoping to find a better way to find it.

    Your last line explains exactly my concern, if in fact it is something I do want on my LAN and not an intruder.
    This thing has more bugs than a big city flop house.

  2. #17
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,686
    As jdc2000 mentioned, one of them seems to be an HP printer. Do you have an HP printer or not? If so, does it have wireless capabilities?

    The 192.168.1.x devices are probably looking for an adhoc connection (no router). You've determined that one is a Roku. Do you have any other WiFi devices like that? I already mentioned "smart" TVs also.

  3. #18
    Join Date
    Feb 1999
    Location
    Underwood, Iowa, United States
    Posts
    788
    I do have an HP printer with wireless. It has an IP of 192.168.2.107. I just did another netscan and the printer does show up with this IP.

    Apparently the printer was offline when I did the scan previously posted but still powered on.

    No smart TV's.

    I am in the process of shutting down all of my networked items and re-scanning to try to determine the source.
    This thing has more bugs than a big city flop house.

  4. #19
    Join Date
    Feb 1999
    Location
    Underwood, Iowa, United States
    Posts
    788
    Well that was a real PITA! But after all of that I have determined that the 192.168.1.*** IP's are actually coming from my ISP.

    I went in the opposite direction than HAN suggested. It just seemed to be the best route for me. I started by disconnecting networked items one at a time and re-scanning. I found items on my LAN that I did not even think about. My OHD opener is network connected, shop thermostat, one of my Harmony TV remotes. So I eventually got to the point where all that was connected was my host router to my computer by ethernet with the WIFI shut off in the router. The scan then showed only the computer IP-192.168.2.143 and the three 192.168.1.1, 192.168.1.120, and 192.168.1.184. So apparently the IP's are part of the ISP's fibre optic network.

    Does that sound correct? Should I call the ISP and question them about this? This is a small local telecom so it may be a chore to actually talk to someone with in depth experience with this type of question.

    Or am I on the wrong path again?
    This thing has more bugs than a big city flop house.

  5. #20
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392
    Ok take a look.
    from the cmd prompt
    ipconfig -all

    And see what it says.

  6. #21
    Join Date
    Feb 1999
    Location
    Underwood, Iowa, United States
    Posts
    788
    Here is my IP config,


    Microsoft Windows [Version 10.0.14393]
    (c) 2016 Microsoft Corporation. All rights reserved.

    C:\WINDOWS\system32>ipconfig -all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Dell2
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : walnutel.net

    Wireless LAN adapter Wi-Fi:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : walnutel.net
    Description . . . . . . . . . . . : Dell Wireless 1705 802.11b|g|n (2.4GHZ)
    Physical Address. . . . . . . . . : 90-48-9A-00-84-C9
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Local Area Connection* 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
    Physical Address. . . . . . . . . : 12-48-9A-00-84-C9
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix . : walnutel.net
    Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
    Physical Address. . . . . . . . . : B8-2A-72-A4-72-0C
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::f571:5470:2294:eb88%6(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.2.143(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Wednesday, December 14, 2016 1:12:22 AM
    Lease Expires . . . . . . . . . . : Thursday, December 15, 2016 1:12:21 AM
    Default Gateway . . . . . . . . . : 192.168.2.1
    DHCP Server . . . . . . . . . . . : 192.168.2.1
    DHCPv6 IAID . . . . . . . . . . . : 62401138
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-2D-5A-D9-B8-2A-72-A4-72-0C
    DNS Servers . . . . . . . . . . . : 192.168.2.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Bluetooth Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
    Physical Address. . . . . . . . . : 90-48-9A-00-84-CA
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv6 Address. . . . . . . . . . . : 2001:0:2854:193c:87f:324:5871:16c(Preferred)
    Link-local IPv6 Address . . . . . : fe80::87f:324:5871:16c%5(Preferred)
    Default Gateway . . . . . . . . . : ::
    DHCPv6 IAID . . . . . . . . . . . : 318767104
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-2D-5A-D9-B8-2A-72-A4-72-0C
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter isatap.walnutel.net:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : walnutel.net
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    C:\WINDOWS\system32>



    I am unsure of the last two "Tunnel adapter's"
    Walnutel is my ISP.
    This thing has more bugs than a big city flop house.

  7. #22
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392
    That looks fine.

    I was able to bypass all the routers and connect straight to the modem wired, and that gave me the IP numbers which was 192.168.1.xx
    Yes, they were using private numbers in that area.. Don't think you can do that with your combined router/modem.

  8. #23
    Join Date
    Feb 1999
    Location
    Underwood, Iowa, United States
    Posts
    788
    I talked to a tech at my ISP today. He checked and said that he did not see anything on his end.

    He should not see anything on his end anyway should he? All he should see is my WAN IP, and any traffic. Correct?

    He had me ping and traceroute the .1's and they do ping and I am able to traceroute them. He suggested that maybe the .1's were in the router itself as a default IP.

    Sounds possible, but doubtful to me. My routers are Linksys WRT's that have been flashed with DD-WRT firmware. Pretty sure when I flashed them that would have removed all previous firmware and I have never read anything about the DD-WRT firmware having this issue.

    He did tell me that he was unsure what was going on. All he could do is guess, but he would try to do some research. Helpful guy, but this seems to be a new one for all.
    This thing has more bugs than a big city flop house.

  9. #24
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,686
    192.168.1.1 sounds like a default router IP. Normally, you shouldn't be able to access 192.168.1.x from 192.168.2.x unless some forwarding was set up. Very strange.

    How many routers do you have? I'm assuming you set all of their IPs to be within the 192.168.2.x range.

  10. #25
    Join Date
    Feb 1999
    Location
    Underwood, Iowa, United States
    Posts
    788
    I have three routers in the network. My ISP comes into my "Host router" that serves as a DHCP server, then two others connected to it. All in the 192.168.2.x range.

    No forwarding that I am aware of, although I do have a Windows Home Server that has web access. But it has not been powered up for several months. It is getting "aged" and I am deciding how to replace it. Leaning towards a NAS that can be used as a "Cloud" which adds to the concern I have with making sure I do not have network issues now before I add something new.
    This thing has more bugs than a big city flop house.

  11. #26
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,686
    So if you disconnect the ISP's modem, do you still see the 192.168.1.x subnet?

    If anything, I'd guess the ISP's modem/router is forwarding from 192.168.2.x (your network) to 192.168.1.x (the ISP's network).

    your network > 192.168.2.1 (your router) > ISP modem (192.168.1.1?) > ISP network

    Does your ISP have a forum? Maybe someone else has encountered the same issue?

  12. #27
    Join Date
    Feb 1999
    Location
    Underwood, Iowa, United States
    Posts
    788
    There is no modem. My ISP is fiber optic, it comes into a demark enclosure where it is split into telephone, TV (aka Cable) and my internet service. From the demark into the house I have a Cat 5, maybe 6 that is plugged directly into my router.

    I talked to the ISP tech and he says that they do not have anything in the service that would be in the 192.168.1.1 range.

    Small town in Iowa. Walnut Telecom, Walnut, Iowa. No forum. We do have corn and cows though! And cold, lots of cold today.
    This thing has more bugs than a big city flop house.

  13. #28
    HAN's Avatar
    HAN is offline Virtual PC Specialist!!!
    Join Date
    Feb 2002
    Location
    USA
    Posts
    4,319
    In your discussion with the ISP tech, did he say that the ISP assigns customers unique routable IP addresses or do they have a core grouping of routable addresses coming into them and they then NAT traffic to the customers via something like 10.x.x.x, 172.16.x.x or 192.168.x.x?

    So if you disconnect the ISP's modem, do you still see the 192.168.1.x subnet?
    Excellent question. If you don't, then it points to the main router??


    I still keep wondering if something's not hard coded to static 192.168.1.x IP addresses too.

  14. #29
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392
    Bypass all the routers and do a ipconfig -all

  15. #30
    Join Date
    Feb 1999
    Location
    Underwood, Iowa, United States
    Posts
    788
    OK this is starting to get interesting. I seem to have sparked some interest so I did more testing. As suggested I did get around to testing directly from the ISP to my computer. But first here are some preliminary tests,

    First from my laptop wireless with network as "normal"

    1st Scan Wireless normal useage.PNG

    Next with ISP incoming disconnected from Host router. This is what I would expect to see if I did not have this concern.

    2nd Scan ISP disconnected from Host router.PNG


    Now this is a scan with the ISP connected directly to my laptop. I did a ipconfig/release before plugging in the cable. Then ipconfig/renew after plugging in. This is a capture of the scan. The actual scan showed 508 live connections. I saved the scan if interested. But it seems to show that the .1.xxx range does in fact come from the ISP.

    Capture33.PNG

    Here is the cmd prompt of the ipconfig,

    Deleted. It showed my WAN IP. If needed I can post, but will erase WAN IP.
    Last edited by Ron Rockwell; December 14th, 2016 at 11:16 PM. Reason: Deleted cmd attach
    This thing has more bugs than a big city flop house.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •