Identify machines connected to switch

Not quite a dupe, but there's a similar question here, which has some suggestions about mapping an IP address to a switch port.

In this case, it sounds like the best option is to identify all switch ports that are connected to devices you know about. My suggestions for this (assuming Cisco managed routers/switches):

Identify known devices

From your first hop router(s), do a broadcast ping on each subnet that is trunked to a switch supporting the office space (as opposed to any data centre space you may have). Note, this should be the directed broadcast address of each subnet, rather than the 'all devices' broadcast IP of 255.255.255.255. In Cisco IOS, this can only be done from privileged exec mode. For example, to ping all machines on the subnet 192.168.100.0/25, use:

ping ip 192.168.100.127

This will populate the ARP cache of the router with entries for all machines on each subnet responding to ping.

Again on the first hop routers, extract the list of ARP entries for each subnet:

show ip arp interface vlan 100

This will give you all the IPs and MAC addresses of every device that responded to the ping. You can check the list of IPs against DNS (or another naming service) to identify the names of specific devices. Any IP address that you can't match a name to should be flagged for further investigation.

Map known devices to switch ports

Take the list of MAC addresses and use it to determine which switch port each device is connected to.

show mac-address-table address <mac-address>

Will show you the MAC address table entry for that particular MAC, including which switch port it's connected to. Alternatively:

show mac-address-table vlan <vlan number>

Will show you the MAC address table for all ports in that VLAN. Note, the default time out for MAC address tables on Cisco devices is 5 minutes; you may need to run your broadcast ping again in order to repopulate it.

Map unknown devices to switch ports

For those IPs that you couldn't map to known devices, the commands in the previous section will tell you which port you need to check.

Also, run:

show mac-address-table

with no arguments. Take the output, and remove the lines for any known MAC addresses, as well as any router-router and switch-switch links. The MAC addresses that you will be left with are devices that are connected to your switch, but aren't communicating via IP to your first hop routers. The ports these appear on should also be flagged for investigation.

Map flagged ports to outlets

For all the ports you have flagged (i.e. devices you can't identify), you'll need to do a physical trace from the switch port to the access port on the office floor. If you're lucky, your landlord will use managed cabling infrastructure; if not, be prepared to lift floor tiles and trace cables the old-fashioned way. Best of luck.
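The cross-referencing steps in the answer above (ARP entries, name lookup, MAC address table, excluding inter-switch links) can be scripted once the command output has been saved. This is an added example, not part of the original answer; the sample outputs, the name table standing in for DNS results, and the uplink port set are all constructed assumptions.

```python
import re

# Constructed sample output of "show ip arp interface vlan 100".
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.100.10          2   0011.2233.4401  ARPA   Vlan100
Internet  192.168.100.11          0   0011.2233.4402  ARPA   Vlan100
Internet  192.168.100.57          1   0011.2233.44aa  ARPA   Vlan100
"""

# Constructed sample output of "show mac-address-table".
MAC_OUTPUT = """\
Vlan    Mac Address       Type        Ports
 100    0011.2233.4401    DYNAMIC     Gi0/1
 100    0011.2233.4402    DYNAMIC     Gi0/2
 100    0011.2233.44aa    DYNAMIC     Gi0/7
 100    0011.2233.44bb    DYNAMIC     Gi0/9
 100    00aa.bbcc.dd01    DYNAMIC     Gi0/48
"""

KNOWN_NAMES = {"192.168.100.10": "pc-alice", "192.168.100.11": "printer-2"}  # assumed DNS results
INFRA_PORTS = {"Gi0/48"}  # assumed switch-switch / router-router links to ignore

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ARP_RE = re.compile(rf"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+({MAC})\s", re.I | re.M)
MAC_RE = re.compile(rf"^\s*(\d+)\s+({MAC})\s+\S+\s+(\S+)\s*$", re.I | re.M)

def flag_ports(arp_text, mac_text, known_names, infra_ports):
    """Return {port: [(mac, reason), ...]} for devices that need investigation."""
    ip_by_mac = {m.lower(): ip for ip, m in ARP_RE.findall(arp_text)}
    flagged = {}
    for _vlan, mac, port in MAC_RE.findall(mac_text):
        mac = mac.lower()
        if port in infra_ports:
            continue  # MACs learned over uplinks belong to another switch
        ip = ip_by_mac.get(mac)
        if ip is None:
            reason = "no ARP entry (not talking IP to the router)"
        elif ip not in known_names:
            reason = f"IP {ip} has no known name"
        else:
            continue  # device is identified, nothing to flag
        flagged.setdefault(port, []).append((mac, reason))
    return flagged

if __name__ == "__main__":
    for port, hits in sorted(flag_ports(ARP_OUTPUT, MAC_OUTPUT, KNOWN_NAMES, INFRA_PORTS).items()):
        for mac, reason in hits:
            print(f"{port}: {mac} - {reason}")
```

The ports it returns are the ones to carry into the physical trace.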


If you have CDP enabled and a recent IOS, a nice, fast way to find where a PC is plugged into is by MAC. Use this command on the Cisco router's CLI:

traceroute mac xxxx.xxxx.xxxx  xxxx.xxxx.xxxx

Where xxxx.xxxx.xxxx is the MAC address of the PC. If you don't know the MAC, I would look in the arp-cache for the IP and find the MAC that way. You may want to ping the broadcast IP to get everything to arp so devices that have been idle show up.

router#traceroute mac 0000.0000.0000 0000.0000.0000
Source 0000.0000.0000 found on switch5
1 switch5 (10.11.12.5) : Gi0/43 => Gi0/43
Destination 0000.0000.0000 found on switch5
Layer 2 trace completed

A more typing intensive way to do this is to do this:

router#show mac- | inc 0000.0000.0000
 100    0000.0000.0000    DYNAMIC     Po1
router#show int Po1 | inc Gi
  Members in this channel: Gi1/0/1 Gi2/0/1 
router#show cdp neighbors Gi1/0/1 detail | inc IP
  IP address: 10.11.12.5
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
  IP address: 10.11.12.5

You would then telnet/ssh into 10.11.12.5 and repeat until you found no more CDP neighbors which would most likely mean the port you found is the port the PC is connected to.


CiscoWorks, or whatever they call it now, will definitely do this for you. There are also SNMP OIDs that can enumerate the ports, the port status, and the CAM table. This will, at the very least, tell you which switchport a MAC address is on. Depending on your switch model you may also be able to view the ARP table.

I would start out by searching for your specific switch model to see what kind of SNMP OIDs are available. You can also check out NetDisco, which is an open-source network discovery/monitoring tool. Development has slowed over the past few years, but a new release is currently being developed.

NetDisco

MIBs Supported by Product - Cisco


Spiceworks is free and will automatically create a nice map of all components on your network, complete with name, IP, and traffic. It's very easy to use also.

http://www.spiceworks.com/


First, do a continuous ping to/from the machine you want to find to another machine in the network. You can use

ping -t <ip address>

in Windows for a continuous ping.

After that, connect to the Cisco switch using SSH / telnet / console, and you can use

show ip arp | include <ip address>

command to find the MAC address of the particular machine. You could also have simply looked up the MAC address of the machine if you had access to it. Then you can use the command

show mac address-table | include <mac listed above in show ip arp>
or 
show mac-address-table | include <mac listed above in show ip arp>

depending upon which switch you are using. This will tell you the port to which packets belonging to that MAC address will be forwarded. If that port is a trunk port, i.e. another switch is connected at that port, then you can follow the same steps on the other switch until you find the port at which the hosts are connected. If CDP is enabled you can use the command

show cdp nei detail 

to find the IP address / hostname of the switch which is connected to that port.

For the process to work you must start from the top layer 3 switch / router and you should do a continuous ping to an IP in another subnet. Also, it is assumed that the complete network uses only Cisco manageable switches.
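The hop-by-hop trace described in this answer, and in the earlier answer that follows CDP neighbors through a port-channel, can be replayed over saved command output. This is an added example, not code from either answer; the captures, the MAC address and the `core1` device name are constructed, and the port-channel membership is assumed to have been read from `show int Po1` beforehand.

```python
import re

# Constructed captures keyed by switch management IP: "mac" = show mac address-table,
# "cdp" = show cdp neighbors detail, "channels" = port-channel members.
CAPTURES = {
    "10.11.12.1": {
        "mac": " 100    0011.2233.44aa    DYNAMIC     Po1\n",
        "cdp": "Device ID: switch5\n  IP address: 10.11.12.5\n"
               "Interface: GigabitEthernet1/0/1,  Port ID (outgoing port): GigabitEthernet0/49\n"
               "Management address(es):\n  IP address: 10.11.12.5\n",
        "channels": {"Po1": ["Gi1/0/1", "Gi2/0/1"]},
    },
    "10.11.12.5": {
        "mac": " 100    0011.2233.44aa    DYNAMIC     Gi0/43\n",
        "cdp": "Device ID: core1\n  IP address: 10.11.12.1\n"
               "Interface: GigabitEthernet0/49,  Port ID (outgoing port): GigabitEthernet1/0/1\n",
        "channels": {},
    },
}

def short(ifname):  # 'GigabitEthernet1/0/1' -> 'Gi1/0/1', the form the MAC table prints
    return re.sub(r"^([A-Za-z]{2})[A-Za-z]*", r"\1", ifname)

def cdp_neighbors(cdp_text):
    """Map local port -> neighbor IP, taking the first IP of each 'Device ID:' block."""
    out = {}
    for entry in cdp_text.split("Device ID:")[1:]:
        ip = re.search(r"IP address: (\S+)", entry)
        port = re.search(r"Interface: (\S+?),", entry)
        if ip and port:
            out[short(port.group(1))] = ip.group(1)
    return out

def trace_mac(mac, start_ip, captures):
    """Return (path, at_edge): (switch, port) hops, and whether the last port has no CDP neighbor."""
    path, ip, seen = [], start_ip, set()
    while ip in captures and ip not in seen:
        seen.add(ip)
        hit = re.search(rf"{re.escape(mac)}\s+\S+\s+(\S+)", captures[ip]["mac"], re.I)
        if not hit:
            break  # entry aged out: repeat the ping and capture again
        port = hit.group(1)
        path.append((ip, port))
        neighbors = cdp_neighbors(captures[ip]["cdp"])
        members = captures[ip]["channels"].get(port, [port])
        ip = next((neighbors[p] for p in members if p in neighbors), None)
        if ip is None:
            return path, True  # no CDP neighbor here: most likely the host port
    return path, False  # missing capture, aged-out entry, or a loop
```

A `False` second value means the trace stopped early, so the last hop in the path is not necessarily the host port.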