I found unknown IP addresses in my Amazon Virtual Private Cloud (Amazon VPC) flow logs or firewall logs. The unknown IP addresses aren't assigned to an instance. How can I find the resource that currently owns these unknown IP addresses in my Amazon VPC?
Resolution
Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.
Several resources can create elastic network interfaces in your Amazon VPC. To find the network interface that owns an IP address:
- Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
- In the navigation pane, choose Network Interfaces.
- Click in the search box, and then choose Primary private IPv4 address. If you're looking for a public IP, then choose Public IPv4 address when you click in the search box.
- Enter the IP address that you're looking for in the search box. The network interfaces that meet your search criteria appear.
Note: You can also enter the IP address into the search box without selecting a filter.
- In the bottom pane, read the Description of the network interface to identify the resource that owns it.
Or, use the AWS CLI to find the network interface that owns an IP address:
aws ec2 describe-network-interfaces --filters Name=addresses.private-ip-address,Values=IPv4 address
Notes:
- Replace IPv4 address with the IP address that you're investigating.
- Confirm that you have the correct Region set in the configuration. Otherwise, manually specify the Region with the --region parameter.
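When flow logs produce many unknown addresses, you can save the unfiltered output of aws ec2 describe-network-interfaces once and match every address against it offline. The following is an added example, not code from the original page or from AWS: the function names are hypothetical, the embedded JSON is a constructed sample in the shape of that command's output, and it goes beyond the single private-IP filter above by also matching secondary private addresses and associated public addresses.

```python
import ipaddress
import json

# Constructed sample, shaped like `aws ec2 describe-network-interfaces` JSON output.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa0000000000001", "InterfaceType": "nat_gateway",
   "RequesterManaged": true, "Description": "Interface for NAT Gateway nat-0example",
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.25", "Primary": true,
                           "Association": {"PublicIp": "203.0.113.10"}}]},
  {"NetworkInterfaceId": "eni-0aaa0000000000002", "InterfaceType": "interface",
   "RequesterManaged": false, "Description": "",
   "Attachment": {"InstanceId": "i-0example"},
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.2.7", "Primary": true},
                          {"PrivateIpAddress": "10.0.2.8", "Primary": false}]}
]}
""")

def index_enis(doc):
    """Map every private and associated public IPv4 address to its interface."""
    index = {}
    for eni in doc.get("NetworkInterfaces", []):
        for addr in eni.get("PrivateIpAddresses", []):
            index[addr["PrivateIpAddress"]] = eni
            public = addr.get("Association", {}).get("PublicIp")
            if public:
                index[public] = eni
    return index

def describe_owner(eni):
    """Keep the fields that identify which resource owns the interface."""
    return {
        "eni": eni["NetworkInterfaceId"],
        "type": eni.get("InterfaceType"),
        "instance": eni.get("Attachment", {}).get("InstanceId"),
        "requester_managed": eni.get("RequesterManaged", False),
        "description": eni.get("Description", ""),
    }

def resolve(ips, doc):
    """Return {ip: owner summary, or None when no interface holds the address}."""
    index = index_enis(doc)
    result = {}
    for raw in ips:
        ip = str(ipaddress.ip_address(raw.strip()))  # ValueError on malformed input
        eni = index.get(ip)
        result[ip] = describe_owner(eni) if eni else None
    return result

if __name__ == "__main__":
    print(json.dumps(resolve(["203.0.113.10", "10.0.2.8", "10.0.9.9"], SAMPLE), indent=2))
```

An address that resolves to None is not held by any network interface in the saved output, so check that the output came from the correct Region and account before drawing conclusions.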
Related information
describe-network-interfaces