Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Identifying myself in a network?

  1. #1
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407

    Identifying myself in a network?

    Here's the situation. So the other day, I'm fooling around with traceroute and ping, and I notice that the second hop for each of my is the ip address 10.10.0.1. So realizing this is an internal IP, I start poking around. So I do a ping sweep of 10.10.0.1-255, and see a bunch of hosts up. So most likely this is some router at my ISP. I'm behind a router on a 192.168.0.x network, with the router being 192.168.0.1 and the gateway.

    What I am wanting to figure out is which of the 10.10.0.x addresses is my cable modem. I don't seem to ever get a hop on the cable modem. It always goes from 192.168.0.1 to 10.10.0.1. From my router's status page I see my external IP address (internet address, not a 10.10.0.x address) and my default gateway and DNS servers. For a while I was confused about why I was never getting the address my router was saying is my default gateway in my hops. Then I think I figured it out.
    Code:
    root@slax:~# ping -c 1 87.16.192.1 -t 1
    PING 87.16.192.1 (87.16.192.1) 56(84) bytes of data.
    From 192.168.0.1 icmp_seq=1 Time to live exceeded
    
    --- 87.16.192.1 ping statistics ---
    1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
    
    root@slax:~# ping -c 1 87.16.192.1 -t 2
    PING 87.16.192.1 (87.16.192.1) 56(84) bytes of data.
    64 bytes from 87.16.192.1: icmp_seq=1 ttl=254 time=8.20 ms
    
    --- 87.16.192.1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 8.203/8.203/8.203/0.000 ms
    root@slax:~# ping -c 1 10.10.0.1 -t 1
    PING 10.10.0.1 (10.10.0.1) 56(84) bytes of data.
    From 192.168.0.1 icmp_seq=1 Time to live exceeded
    
    --- 10.10.0.1 ping statistics ---
    1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
    
    root@slax:~# ping -c 1 10.10.0.1 -t 2
    PING 10.10.0.1 (10.10.0.1) 56(84) bytes of data.
    64 bytes from 10.10.0.1: icmp_seq=1 ttl=254 time=8.64 ms
    
    --- 10.10.0.1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 8.648/8.648/8.648/0.000 ms
    So now I'm pretty sure that 87.16.192.1 and 10.10.0.1 are different interfaces on the same device, which I think is a switch or hub or router at my ISP. But I'm still left with the question of which 10.10.0.x IP address is my cable modem. So far I could only think of one way to try and determine this. My neighbor is on the same 10.10.0.x net as me, so from his house I did two ping sweeps with my cable modem plugged in, both of which came up with the same hosts up. Then I unplugged my cable modem and did two more ping sweeps shortly after. There was no change in the hosts reported up. So that attempt at identifying my modem failed. Now I am asking you all if you can think of any way to identify myself among this network. Any ideas are appreciated. Thank you.

    P.S. For those of you asking why I care about this, I'm not sure. I guess I'm just curious. Also, I changed most of the IP's, but they should still make sense as for what they represent.

  2. #2
    Shrekkie Reloaded Raiden's Avatar
    Join Date
    Oct 2005
    Posts
    1,115
    Can you post the traceroutes, an ifconfig and a netstat -r of your computer.
    What type of broadband do you have ? DSL, cable, dial-up ?

  3. #3
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Not sure if your cable works the same as cable in the UK but your modem will usually be an integral part of your router, hence the ip addy that your ISP has assigned you will be the ip that your modem uses. therfore you wont get a "hop" on your modem so to speak, just your router, which you are getting as your default gateway.

    the 10 .x.x.x ip's will be your ISP's server that you log into as it is the second entry in your trace route, the first entry should nearly always be your default gateway after that following a logical path willl be your isp server maybe an isp proxy after that and then the tinternet!

  4. #4
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I have cable.

    Code:
    [root@h3r3tic1 ~]# traceroute google.com
    
    traceroute: Warning: google.com has multiple addresses; using 72.14.207.99
    
    traceroute to google.com (72.14.207.99), 30 hops max, 38 byte packets
    
     1  192.168.0.1 (192.168.0.1)  2.265 ms  1.334 ms  1.251 ms
    
     2  10.10.0.1 (10.10.0.1)  11.879 ms  7.644 ms  7.808 ms
    
     [omitted, stuff out on the internet eventually hitting 72.14.207.99]
    
    [root@h3r3tic1 ~]# ifconfig
    
    eth0      Link encap:Ethernet  HWaddr 00:04:5A:6A:86:58  
    
              inet addr:192.168.0.201  Bcast:192.168.0.255  Mask:255.255.255.0
    
              inet6 addr: fe80::204:5aff:fe6a:8658/64 Scope:Link
    
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    
              RX packets:1903482 errors:0 dropped:0 overruns:0 frame:0
    
              TX packets:587564 errors:0 dropped:0 overruns:0 carrier:0
    
              collisions:0 txqueuelen:1000 
    
              RX bytes:599823052 (572.0 Mb)  TX bytes:354592573 (338.1 Mb)
    
              Interrupt:3 Base address:0xb800 
    
    
    
    lo        Link encap:Local Loopback  
    
              inet addr:127.0.0.1  Mask:255.0.0.0
    
              inet6 addr: ::1/128 Scope:Host
    
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
    
              RX packets:204882 errors:0 dropped:0 overruns:0 frame:0
    
              TX packets:204882 errors:0 dropped:0 overruns:0 carrier:0
    
              collisions:0 txqueuelen:0 
    
              RX bytes:30188167 (28.7 Mb)  TX bytes:30188167 (28.7 Mb)
    
    
    
    sit0      Link encap:IPv6-in-IPv4  
    
              inet6 addr: ::127.0.0.1/96 Scope:Unknown
    
              inet6 addr: ::192.168.0.201/96 Scope:Compat
    
              UP RUNNING NOARP  MTU:1480  Metric:1
    
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    
              collisions:0 txqueuelen:0 
    
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
    
    
    
    [root@h3r3tic1 ~]# netstat -r
    
    Kernel IP routing table
    
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    
    192.168.0.0     *               255.255.255.0   U         0 0          0 eth0
    
    127.0.0.0       *               255.0.0.0       U         0 0          0 lo
    
    default         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
    Hopefully I didn't omit too much from the traceroute. It took 16 hops.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    OK donkey, your cable modem is prolly in bridge mode. If this is the case, then you will not see the hop.

    Also, you can get your cable modem IP addys by simply logging into the device or, look at the WAN side of your SOHO router, this will give you the "internal" interface of your cable modem. Then go to a site like whatismyip.com and it will give you the "external" addy of the cable modem. My guess is that you're going to see that the external IP of the cable modem will show up as the WAN interface on your SOHO router.

    Stop hogging up all the stupid.



    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I can't login to the cable modem if I don't know which IP it is.

    The WAN ip given in my router is the same as my IP on the internet. I'm trying to figure out which 10.10.0.x IP corresponds to my cable modem. Nothing in my router's web config has said anything about that and that's the only interface (user interface not network interface) it has.

    I do have the MAC address of my cable modem. I'm thinking there's probably a way to figure out which 10.10.0.x IP belongs to the same MAC address as my cable modem. I'll look into figuring that out when I get home. Hopefully it's what I need. In the meantime, I'm still open to suggestions.

    Also, anyone is welcome to as much of the stupid as they want. I didn't realize I was hogging it.

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    You are hogging all the stupid. You just confirmed that you have a bridge mode cable modem by saying this:
    The WAN ip given in my router is the same as my IP on the internet.
    Since this is the case, what the hell do you care which interface it is? If you know the manufacturer of the nic on your modem, go look it up here:

    http://www.coffer.com/mac_find/

    Stop being a tool.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Senior Member
    Join Date
    Oct 2005
    Posts
    197
    Damnit thehorse13 every point I was going to make you made!haha! I work for an isp and they use 10 based addresses for there modems. Basicly so we can ping the modem, check the status, see if anythings connected, check the bandwidth usage, and other pettie fun things like that. Im sure most of you knew that. The only thing I could say off the top of my head is depending on the modem trying pinging 192.168.100.1 Im not sure if this is a standard but I do know some modems follow this. If you get replys from this and its _not_ your local lan. Then try connecting to it via http (http://192.168.100.1) it will look something like so...
    meh. -ech0.

  9. #9
    "pettie fun things"

    I'm more interested in the ISPs "deep inspection packets" article in Newsweek I read. "It's for the kid on P2P, juicing 3 teraflops in bandwidth a month."

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    trying pinging 192.168.100.1 Im not sure if this is a standard but I do know some modems follow this.
    Actually, it's not a standard. For instance, mine uses 192.168.254.254.

    I do wish we could chat longer, but I'm having an old friend for dinner.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •