UPDATE 10/4 6:47 EDT

I have been going through all the comments. THANKS!!! I did not know about the techniques listed, so they are extremely helpful. Sorry for the slow update. As I mentioned below, I got behind with this yesterday so work cut into my evening.

I ran a port scan. The first syntax, -p, brought no joy. The nmap software itself suggested changing to -Pn. That brought an interesting response:

nmap -Pn 1-9999 <Local IP Addr>

Starting Nmap 7.93 ( https://nmap.org ) at 2024-10-04 11:44 BST Failed to resolve “1-9999”. Nmap scan report for <Local IP Address> Host is up (0.070s latency). All 1000 scanned ports on 192.168.0.46 are in ignored states. Not shown: 990 filtered tcp ports (no-response), 10 filtered tcp ports (host-unreach)

Nmap done: 1 IP address (1 host up) scanned in 6.03 seconds

Just to be absolutely sure, I turned off my work computer (the only windows box on my network) and reran the same syntax with the same results.

As I read this, there is definitely something on my network running windows that is not showing up on the DHCP.

  • RestrictedAccount@lemmy.worldOP
    4·
    22 hours ago

    This is interesting. I had to modify it to nmap -A -T4 -p- -Pn <IP>.

    It said the host is up with 0.077 seconds of latency. All 64k ports were scanned with 7 filtered tcp ports (host-unreachable) and the rest (no-response).

    • mrbaby@lemmy.world
      2·
      10 hours ago

      77ms of latency is pretty slow. Based off that I’d assume (but not rule out) that it’s not: on the machine you used to run nmap, not on ethernet, probably wifi with a shitty connection

      So, some really dumb, likely irrelevant, questions that might spark an idea:

      • Do you see anything weird connected in the wifi client list? (You said it wasn’t given a dhcp lease, but it would still show as a wireless client even if it were static)

      • Are you running a VPN server or using VPN to bridge any networks?

      • You said you’re running dual WAN, are those configured properly and not leaking random internet shit into your LAN?

      • Do you have anything that might be running some kind of out-of-band management system like DRAC on a dell server?

      • What’s your IoT situation?

      • Do you have an on-site NVR for security cams?

      • Did you find the mac? If so what are the first 3 octets? Even if the vendor can’t be found, there’s always the chance some crazy ubernerd is going to recognize it. (If it’s 00:d0:2c or 44:d9:e7 I got ya covered)

      Again, most of those are probably irrelevant, but throwing the thoughts out there :)

    • deltapi@lemmy.world
      4·
      21 hours ago

      What’s weird about this is that it should be getting a response from IIS like you showed us in the screenshot.