How to “kill” a computer's network services on the LAN

networking

I'm in a strange situation…
A customer has a huge network based on static IPs.

The machine names are not useful for identifying a computer's location, and the network switches are not managed.

One of the computers on the network started broadcasting like crazy, hogging their Astaro Security Gateway CPU (probably a virus).

I've been able to cut the problem down by setting a rule on the Astaro to drop all the requests from the problematic IP.

Now I need to find out where that PC is.

I thought that if I'm able to shut down its network services, the user will call me for assistance, and then I'll be able to find the PC and discover what happened.

How can I obtain that?

Sounds like a DDoS attack in "my" network, right?

I have no access to that PC because everyone's admin of his own PC with his own password, so no Dameware working, no Remote Desktop, no MMC snap-in, no regedit.

Best Answer

You've got the MAC address, so assuming these are brand-name machines rather than generics you should be able to track down the manufacturer ( http://www.coffer.com/mac_find/ ); that may narrow your search slightly (assuming you don't have all Dell or similar).

You can use the IP address and a port scanner like nmap to fingerprint the host and find the likely OS it's running, perhaps narrowing it down further.

If the host is running Windows it will display an error if it detects an IP conflict on the network - I'd suggest intentionally causing an IP conflict and using that method to flag up an alert on the screen of likely candidates.
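The MAC-based narrowing described in the answer above, as an added example that is not part of the original answer: it reads a neighbor table, pulls out the suspect's MAC and OUI, checks whether the address is vendor-assigned at all (a locally administered MAC makes a manufacturer lookup meaningless), and lists the other hosts sharing that OUI to show how much the vendor actually narrows the search. The sample table and all function names are constructed for illustration.

```python
import re

# Constructed sample: neighbor-table lines in Windows `arp -a`, BSD `arp -an`
# and Linux `ip neigh` formats. All addresses are made up.
SAMPLE = """\
  192.168.1.57          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.80          02-50-56-aa-bb-cc     dynamic
? (192.168.1.91) at 0:1a:2b:9:8:7 on en0 ifscope [ethernet]
192.168.1.99 dev eth0 lladdr 3c:4d:5e:00:11:22 REACHABLE
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b")

def normalize_mac(raw):
    """Lower-case, colon-separated, zero-padded (BSD omits leading zeros)."""
    return ":".join(f"{int(p, 16):02x}" for p in re.split(r"[:-]", raw))

def mac_kind(mac):
    """Classify a normalized MAC by the two low bits of its first octet."""
    first = int(mac[:2], 16)
    if first & 0x01:
        return "group"   # multicast/broadcast, never a single host
    if first & 0x02:
        return "local"   # locally administered: OUI is not a vendor prefix
    return "vendor"      # universally administered: OUI lookup is meaningful

def parse_neighbors(text):
    """Map IP -> normalized MAC for every line carrying both."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            table[ip.group(1)] = normalize_mac(mac.group(1))
    return table

def suspect_report(text, suspect_ip):
    table = parse_neighbors(text)
    mac = table.get(suspect_ip)
    if mac is None:
        return None      # no entry: host is silent or behind a router
    oui = mac[:8]
    same = sorted(ip for ip, m in table.items()
                  if m[:8] == oui and ip != suspect_ip)
    return {"mac": mac, "oui": oui, "kind": mac_kind(mac), "same_oui": same}

if __name__ == "__main__":
    print(suspect_report(SAMPLE, "192.168.1.57"))
```

A long `same_oui` list means the manufacturer alone will not single out the machine, which is the "all Dell" case the answer mentions.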
