How can I find which resource owns the unknown IP addresses in my VPC?

Last updated: 2019-10-15

I found unknown IP addresses in my Amazon Virtual Private Cloud (Amazon VPC) flow logs or firewall logs. The unknown IP addresses are not assigned to an instance. How can I find which resource owns these unknown IP addresses in my Amazon VPC?

Resolution

Several resources can create elastic network interfaces in your Amazon VPC. To find which network interface owns an IP address:

  1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  2. In the navigation pane, choose Network Interfaces.
  3. Click in the search box and choose Private IP.
  4. Enter the IP address that you're looking for in the search box. The network interfaces that match your search criteria are displayed.
  5. In the bottom pane, read the Description of the network interface to determine which resource owns it.

Or, you can find which network interface owns an IP address using the AWS Command Line Interface (AWS CLI):

 aws ec2 describe-network-interfaces --filters Name=addresses.private-ip-address,Values=IPv4 address

Notes:

  • Replace IPv4 address with the IP address you're investigating.
  • Confirm that you have the correct Region set in the configuration. Otherwise, manually specify the Region with the --region parameter.
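
To check several addresses from a flow log at once, the following added example (not part of the original article) resolves them against the JSON output of `aws ec2 describe-network-interfaces` run without the filter. The function names and the embedded sample response are assumptions constructed for illustration; the lookup also covers secondary private addresses, which is a generalization beyond the single-address search above.

```python
import json

# Constructed sample shaped like `aws ec2 describe-network-interfaces` JSON
# output; every ID, address and description here is made up.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa1111", "InterfaceType": "network_load_balancer",
   "Description": "ELB net/example-nlb/0123456789abcdef", "RequesterManaged": true,
   "Status": "in-use", "Attachment": {"Status": "attached"},
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.25", "Primary": true}]},
  {"NetworkInterfaceId": "eni-0bbb2222", "InterfaceType": "interface",
   "Description": "", "RequesterManaged": false, "Status": "in-use",
   "Attachment": {"InstanceId": "i-0ccc3333", "Status": "attached"},
   "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.2.10", "Primary": true},
                          {"PrivateIpAddress": "10.0.2.77", "Primary": false}]}
]}
""")


def index_by_private_ip(response):
    """Map each private IPv4 address, primary or secondary, to its interface."""
    index = {}
    for eni in response.get("NetworkInterfaces", []):
        for addr in eni.get("PrivateIpAddresses", []):
            index[addr["PrivateIpAddress"]] = (eni, addr.get("Primary", False))
    return index


def resolve(ips, response):
    """Return {ip: owner details}, or None for an address no interface holds."""
    index = index_by_private_ip(response)
    result = {}
    for ip in ips:
        if ip not in index:
            result[ip] = None  # not in this output, e.g. queried the wrong Region
            continue
        eni, primary = index[ip]
        result[ip] = {
            "interface": eni["NetworkInterfaceId"],
            "type": eni.get("InterfaceType"),
            "description": eni.get("Description", ""),
            "requester_managed": eni.get("RequesterManaged", False),
            "instance": (eni.get("Attachment") or {}).get("InstanceId"),
            "primary": primary,
        }
    return result


if __name__ == "__main__":
    for ip, owner in resolve(["10.0.1.25", "10.0.2.77", "10.0.9.9"], SAMPLE).items():
        print(ip, owner if owner else "no matching network interface")
```

An address that resolves to `None` is held by no interface in the supplied output; rerun the AWS CLI command with the correct --region before treating the address as unowned.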
