Another Device ID help

For my home of over 100 IP addresses I’ve identified everything except one generic device. The MAC address and DHCP vendor is all that my fingbox is giving me. The Fing device identifier page comes back as a private MAC identifier. I’ve flagged the device and it seems to come online for only a minute or two at 3:00 AM and disconnects. So for the majority of the day it is offline! Nothing in my house seems broken with the device blocked. For security I’ve left it blocked but this is really nagging me. Any ideas?

Answers

  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Hi @Pimples
    Do you have a screenshot of the device? 
    @pwmeek @Hronos @kltaylor @Marc anything to add on this one?
    Could it be some sort of update software on another device like a media player?

    Community Manager at Fing

  • kltaylor
    kltaylor Member, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    Hi @Pimples and welcome to the community.
    I have a 'tried and true' method to use in discovering what a device is.
    Block it from accessing the internet.
    Once you realize something has broken (reads: why your smart TV isn't accessing Netflix) then you can regroup and discover the device.  To clarify it, power it down and watch for the change in the Fing app.  If those tests work, then you've found your rogue network device.
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    pwmeek
  • vulcansheart
    vulcansheart Member, Beta Tester Posts: 117
    100 Comments 25 Awesomes 5 Answers 25 Likes
    ✭✭✭
    kltaylor said:
    Hi @Pimples and welcome to the community.
    I have a 'tried and true' method to use in discovering what a device is.
    Block it from accessing the internet.
    Once you realize something has broken (reads: why your smart TV isn't accessing Netflix) then you can regroup and discover the device.  To clarify it, power it down and watch for the change in the Fing app.  If those tests work, then you've found your rogue network device.
    I call this the "unplug it and see who calls" method!
    41 4c 4c 20 59 4f 55 52 20 42 41 53 45 20 41 52 45 20 42 45 4c 4f 4e 47 20 54 4f 20 55 53
    Hronoskltaylorjwoods7947
  • Hronos
    Hronos Member, Beta Tester Posts: 289
    100 Likes 100 Comments Second Anniversary 25 Awesomes
    ✭✭✭✭
    @vulcansheart most used IT workaround after "turn it off and on again" xD
    Keep looking up!
    vulcansheart
  • Pimples
    Pimples Member Posts: 8
    First Anniversary 5 Likes First Comment Photogenic

    That’s what I’ve done. The device has been blocked for two months and I can’t tell that anything IoT has been broken. The consistency in which it connects at the same time every day (3 AM all summer and now 2 AM with the recent end of daylight savings time) suggests that it’s a device as opposed to a hacker.


    VioletChepil
  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    @Pimples let us know if you find out what it is eventually through the blocking method. 
    I'm afraid I don't have much more I can add on this other then this tool online for MAC vendor lookup.
    https://community.fing.com/discussion/841/our-new-tool-for-mac-vendor-lookup#latest
    Here is another way to improve device ID, but you'd need to know the device first: 
    https://community.fing.com/discussion/1121/improved-device-recognition-for-fingbox-users-testers-needed

    Community Manager at Fing

  • vulcansheart
    vulcansheart Member, Beta Tester Posts: 117
    100 Comments 25 Awesomes 5 Answers 25 Likes
    ✭✭✭
    Can you try to do a port scan against the device when it comes online? I know that's typically 3AM/2AM, but it could be a good way to identify what services are running, which could give clues as to what it is.
    41 4c 4c 20 59 4f 55 52 20 42 41 53 45 20 41 52 45 20 42 45 4c 4f 4e 47 20 54 4f 20 55 53
    pwmeekHronos
  • Pimples
    Pimples Member Posts: 8
    First Anniversary 5 Likes First Comment Photogenic

    Thanks everyone. Will update you with anything new. I tried a port scan but it went offline too quickly.

    VioletChepil
  • vulcansheart
    vulcansheart Member, Beta Tester Posts: 117
    100 Comments 25 Awesomes 5 Answers 25 Likes
    ✭✭✭

    It sounds like something that quickly checks for a firmware update based on a set schedule, then goes back to idle/sleep mode. Are you sure there are no unaccounted for smart devices, like a smart plug or lightbulb? Could even be a larger appliance, like a printer or smart coffee maker.

    41 4c 4c 20 59 4f 55 52 20 42 41 53 45 20 41 52 45 20 42 45 4c 4f 4e 47 20 54 4f 20 55 53
    VioletChepilHronos
  • Pimples
    Pimples Member Posts: 8
    First Anniversary 5 Likes First Comment Photogenic

    It was a Kindle! Probably checking every night for new downloads. I hadn’t used it for so long that its battery died. When I recharged it my Fingbox alerted me that the mystery device has come online.

    CiaranHronos
  • Ciaran
    Ciaran Administrator Posts: 1,180
    1000 Comments 250 Likes 50 Answers 100 Awesomes
    admin
    @Pimples Ahh, I see, thank you for confirming
    Ciaran (Admin at Fing)