I found a weird IP address on my network that had transmitted an insanely small amount of data. I put the address in my browser and got this. what the heck am I looking at?
UPDATE 10/4 6:47 EDT
I have been going through all the comments. THANKS!!!!!!
I did not know about the techniques listed, so they are extremely helpful.
Sorry for the slow update. As I mentioned below, I got behind with this yesterday so work cut into my evening.
I ran a port scan. The first syntax, -p, brought no joy. The nmap software itself suggested changing to -Pn. That brought an interesting response:
Failed to resolve "1-9999".
Nmap scan report for <Local IP Address>
Host is up (0.070s latency).
All 1000 scanned ports on 192.168.0.46 are in ignored states.
Not shown: 990 filtered tcp ports (no-response), 10 filtered tcp ports (host-unreach)
Nmap done: 1 IP address (1 host up) scanned in 6.03 seconds
Just to be absolutely sure, I turned off my work computer (the only windows box on my network) and reran the same syntax with the same results.
As I read this, there is definitely something on my network running windows that is not showing up on the DHCP.
UPDATE 10/6
I am working through all these suggestions. I am sorry for the slow responses, but I have my hands full with family weekend. I will post more next tomorrow.
But I did do one thing that has me scratching my head and wondering if this may be a wild goose chase.
I ran the nmap again per below with a completely fictional IP address within my normal range. It gave the exact same results:
nmap -A -T4 -p- -Pn <Fictional IP>
Starting Nmap 7.93 ( https://nmap.org ) at 2024-10-05 13:36 BST
Nmap scan report for <Fictional IP>
Host is up (0.054s latency).
All 65535 scanned ports on <Fictional IP> are in ignored states.
If it is, look at the certificate. Which hostname is it for primarily? Which SAN (Subject Alternative Name - basically a list of all other hostnames the certificate is valid for) are set, if any? Which Certificate Authority issued the certificate or is it self signed?