Hello,
I'm no network security expert but have been asked to "investigate" someone who has been connecting their personal laptop to the company network and using our internet to do "questionable" activities.
Basically I have this information taken from our domain controller's logs:
- DHCP address that was leased to the laptop at the time of the "infractions".
- Computer name of the laptop.
- Precise date and time of when this person was connected to our network.
Based on the DHCP address, I can somewhat narrow it down to a few different switches at different locations in the building, but there's no way to pinpoint it exactly. If I can figure out which switch they connected to, I would know who did it.
How can I do this?