I found a weird IP address on my network that had transmitted an insanely small amount of data. I put the address in my browser and got this. What the heck am I looking at?
UPDATE 10/4 6:47 EDT
I have been going through all the comments. THANKS!!!!!!
I did not know about the techniques listed, so they are extremely helpful.
Sorry for the slow update. As I mentioned below, I got behind with this yesterday so work cut into my evening.
I ran a port scan. The first syntax, -p, brought no joy. The nmap software itself suggested changing to -Pn. That brought an interesting response:
Failed to resolve "1-9999".
Nmap scan report for <Local IP Address>
Host is up (0.070s latency).
All 1000 scanned ports on 192.168.0.46 are in ignored states.
Not shown: 990 filtered tcp ports (no-response), 10 filtered tcp ports (host-unreach)
Nmap done: 1 IP address (1 host up) scanned in 6.03 seconds
Just to be absolutely sure, I turned off my work computer (the only Windows box on my network) and reran the same syntax with the same results.
As I read this, there is definitely something on my network running Windows that is not showing up on the DHCP.
UPDATE 10/6
I am working through all these suggestions. I am sorry for the slow responses, but I have my hands full with family weekend. I will post more tomorrow.
But I did do one thing that has me scratching my head and wondering if this may be a wild goose chase.
I ran the nmap again per below with a completely fictional IP address within my normal range. It gave the exact same results:
nmap -A -T4 -p- -Pn <Fictional IP>
Starting Nmap 7.93 ( https://nmap.org ) at 2024-10-05 13:36 BST
Nmap scan report for <Fictional IP>
Host is up (0.054s latency).
All 65535 scanned ports on <Fictional IP> are in ignored states.
Does your router give you the MAC address of the device? You can look it up to see who manufactured it and then narrow down. This could be a device that has a web service running, and that is all you are seeing right now.
Don't need the router. If you're on Windows or Linux, you just ping the IP, then enter 'arp -a <ip>'; it will show the MAC address for the IP from your machine's ARP cache.
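An added example, not part of the thread: a small Python check that reads `arp -a` output in both the Windows and Linux layouts and only treats an address as a real device when something actually answered, since `-Pn` tells nmap to skip host discovery and report the target as up without needing a reply. The function names and all sample output are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{1,2}[:-]){5}[0-9A-Fa-f]{1,2}")

def mac_for_ip(arp_output, ip):
    """Return the normalized MAC that `arp -a` output lists for ip, else None."""
    token = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    for line in arp_output.splitlines():
        m = MAC_RE.search(line) if token.search(line) else None
        if m:
            return ":".join(o.zfill(2).lower() for o in re.split("[:-]", m.group(0)))
    return None  # no entry, or "<incomplete>": nothing answered the ARP request

def describe_mac(mac):
    """Split out the OUI and flag locally administered (often randomized) MACs."""
    first_octet = int(mac[:2], 16)
    return {"oui": mac[:8], "locally_administered": bool(first_octet & 0x02)}

def host_evidence(nmap_output, arp_output, ip):
    """'present' only if something answered; -Pn's 'Host is up' is not counted."""
    mac = mac_for_ip(arp_output, ip)
    replied = re.search(r"^\d+/(?:tcp|udp)\s+(?:open|closed)\b", nmap_output, re.M)
    return ("present" if mac or replied else "unconfirmed", mac)

# Constructed samples (not captured from the poster's network).
LINUX_ARP = """\
? (192.168.0.46) at 02:00:5e:10:20:30 [ether] on eth0
? (192.168.0.99) at <incomplete> on eth0
"""
WINDOWS_ARP = """\
Interface: 192.168.0.10 --- 0x5
  Internet Address      Physical Address      Type
  192.168.0.46          00-11-22-33-44-55     dynamic
"""
NMAP_PN = """\
Host is up (0.054s latency).
All 65535 scanned ports on 192.168.0.99 are in ignored states.
"""

if __name__ == "__main__":
    for ip in ("192.168.0.46", "192.168.0.99"):
        print(ip, host_evidence(NMAP_PN, LINUX_ARP, ip))
```

A MAC flagged as locally administered will not match a manufacturer in an OUI lookup, which is common on phones and laptops that randomize their Wi-Fi address.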
You can always start looking at how to use Wireshark to sniff the packets and learn more about what is coming and going from that system. Wireshark can be a daunting tool, but if you look at some videos or walkthroughs you should be able to get a handle on how to make it reveal only the one device's network traffic.
I have Wireshark, but haven’t really had a reason to learn it. I mostly just stare at the traffic rolling by the way they do on The Matrix. This is on the list to try.