How do I find the resource that currently owns an unknown IP address in my Amazon VPC?

2 minute read
2

I want to identify the resource that currently owns an unknown IP address in my Amazon Virtual Private Cloud (Amazon VPC).

Resolution

To identify a resource that currently owns an unknown IP address in your Amazon VPC, complete one of the following methods:

  • Find the network interface that owns the unknown IP address.
  • Use flow logs to identify if a public IP is from an AWS-owned resource.

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Find the network interface that owns the unknown IP address

Use the Amazon Elastic Compute Cloud (Amazon EC2) console

1.    Sign in to the Amazon Elastic Compute Cloud (Amazon EC2) console.

2.    In the navigation pane, choose Network Interfaces.

3.    In the search box, choose the following:

  • If you're looking for a private IP address, then choose Primary private IPv4 address.
  • If you're looking for a public IP address, then choose Public IPv4 address.

4.    In the search box, enter the IP address that you're looking for. The network interfaces that meet your search criteria appear.

5.    In Description, locate the network interface to identify the resource that owns the IP address.

Use the AWS Command Line Interface (AWS CLI)

To find the network interface that owns an IP address, run the following command:

aws ec2 describe-network-interfaces --filters "Name=addresses.private-ip-address,Values=example-unknown-IP"

Note: Make sure that the correct AWS Region is set in the configuration. If the correct Region isn't set, then manually set the Region with the --region parameter.

Use flow logs to identify if a public IP is from an AWS-owned resource

To check if a public IP address is from an AWS-owned resource, complete the following steps:

  1. Sign in to the AWS Management Console. Then, open the Amazon VPC page.
  2. Select your Amazon VPC and create a flow log.
  3. For the log record format, choose a custom format and include pkt-src-aws-service and pkt-dst-aws-service. If the traffic is going to or from an AWS service, then the AWS service appears in these fields.

Related information

describe-network-interfaces

AWS OFFICIAL
AWS OFFICIALUpdated 6 months ago