How can I find the resource that owns the unknown IP addresses in my Amazon VPC?

Last updated: 2020-12-28

I found unknown IP addresses in my Amazon Virtual Private Cloud (Amazon VPC) flow logs or firewall logs. The unknown IP addresses aren't assigned to an instance. How can I find the resource that owns these unknown IP addresses in my Amazon VPC?

Resolution

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

Several resources can create elastic network interfaces in your Amazon VPC. To find the network interface that owns an IP address:

  1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  2. In the navigation pane, choose Network Interfaces.
  3. Click in the search box, and then choose Private IP.
  4. Enter the IP address that you're looking for in the search box. The network interfaces that meet your search criteria display.
  5. In the bottom pane, read the Description of the network interface to identify the resource that owns it.

Or, you can find the network interface that owns an IP address using the AWS CLI:

aws ec2 describe-network-interfaces --filters Name=addresses.private-ip-address,Values=IPv4 address

Notes:

  • Replace IPv4 address with the IP address that you're investigating.
  • Confirm that you have the correct Region set in the configuration. Otherwise, manually specify the Region with the --region parameter.
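The following function is an added example, not part of the original article. It wraps the same describe-network-interfaces call, checks one or more Regions, and prints the fields that identify the owner. The function name find_eni_owner and the output layout are assumptions made for this example.

```shell
# Added example: find the network interface(s) that hold a private IPv4
# address and print the fields that identify the owning resource.
# Usage: find_eni_owner <ip> [region ...]
# With no Region arguments, the CLI's configured default Region is used.
# Returns 0 if at least one interface matched, 1 if none, 2 on CLI error.
find_eni_owner() {
  ip="$1"; shift
  # An empty Region entry means "use the configured default Region".
  [ "$#" -eq 0 ] && set -- ""
  found=1
  tab=$(printf '\t')

  for region in "$@"; do
    out=$(aws ec2 describe-network-interfaces \
            ${region:+--region "$region"} \
            --filters "Name=addresses.private-ip-address,Values=$ip" \
            --query 'NetworkInterfaces[].[NetworkInterfaceId,VpcId,InterfaceType,RequesterManaged,Attachment.InstanceId,Description]' \
            --output text) || return 2

    # No interface in this Region currently holds the address.
    if [ -z "$out" ]; then
      continue
    fi
    found=0

    # One line per interface: the same private IP can exist in several VPCs,
    # so VpcId is printed to tell the matches apart. Description comes last
    # because it is free text and may contain spaces.
    printf '%s\n' "$out" |
    while IFS="$tab" read -r eni vpc type managed instance desc; do
      printf '%s\t%s\t%s\ttype=%s\trequester-managed=%s\tinstance=%s\t%s\n' \
        "${region:-default}" "$eni" "$vpc" "$type" "$managed" "$instance" "$desc"
    done
  done
  return "$found"
}
```

A result with requester-managed=True and instance=None points to an interface created by an AWS service, and the Description column names that service. A return status of 1 means that no network interface currently holds the address in the Regions checked.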
