UPDATE 10/4 6:47 EDT

I have been going through all the comments. THANKS!!! I did not know about the techniques listed, so they are extremely helpful. Sorry for the slow update. As I mentioned below, I got behind with this yesterday so work cut into my evening.

I ran a port scan. The first syntax, -p, brought no joy. The nmap software itself suggested changing to -Pn. That brought an interesting response:

nmap -Pn 1-9999 <Local IP Addr>

Starting Nmap 7.93 ( https://nmap.org ) at 2024-10-04 11:44 BST Failed to resolve “1-9999”. Nmap scan report for <Local IP Address> Host is up (0.070s latency). All 1000 scanned ports on 192.168.0.46 are in ignored states. Not shown: 990 filtered tcp ports (no-response), 10 filtered tcp ports (host-unreach)

Nmap done: 1 IP address (1 host up) scanned in 6.03 seconds

Just to be absolutely sure, I turned off my work computer (the only windows box on my network) and reran the same syntax with the same results.

As I read this, there is definitely something on my network running windows that is not showing up on the DHCP.

  • 9point6@lemmy.world
    47·
    1 day ago

    Have you recently installed visual studio or are doing any .NET development? It could possibly be a containerised version of IIS

    If you completely turn off your windows device and try to access the IP from another device does it still resolve?

      • 9point6@lemmy.world
        32·
        1 day ago

        Hmm

        I’d maybe try systematically turning any other devices off you think could potentially have the grunt to run windows server in a container or VM.

        Do you have a Mac/Linux machine handy? If you run arp -a in one terminal and ping the unusual IP in another, that should give you a corresponding MAC address for the device. You can then look up the MAC address and see if it gives you any more info about the device running it—it might not but you never know. You can use something like https://dnschecker.org/mac-lookup.php

        I guess next you could look at taking that MAC and blocking it in your router control panel and see if anything starts complaining

        • thermal_shock@lemmy.worldEnglish
          15·
          1 day ago

          I guess next you could look at taking that MAC and blocking it in your router control panel and see if anything starts complaining

          I love the “see who screams” method, my coworkers do no. it’s usually instant.

        • Agent641@lemmy.world
          17·
          1 day ago

          In addition, you might like to do a portscan on that IP address to see if any other ports reaveal something more interesting.

          You can run this in cmd prompt, I think, if nmap is available on your windows machine:

          nmap -p 1-9999 192.168.1.1

          IIS can only run on a windows OS, so it must be a windows physical machine or VM connected to your network.

          • RestrictedAccount@lemmy.worldOP
            5·
            21 hours ago

            Thanks as you can tell, I’m not an expert in any of this.

            I will run this as you described.

            I did the nmap based on input from ChatGPT, it had me do a Ping base scan with nmap. It turned up nothing because that IP address did not return a Ping.

            This has me really curious.

            I’m concerned that the website I opened in Safari on my phone is bringing up a cache on my browser and is not actually live.

            I tried to open it from an iPad and it did not load. Iit still loads off my phone even though I have rebooted everything.