Finding an unknown local IP address?

  1. #1
    Senior Member
    Join Date
    Mar 2005
    Posts
    400

    Finding an unknown local IP address?

    I've asked this question in the past somewhere, nobody knew how so I try again.

    First put your thinking caps on, boys and girls. Nice and tight?

    Let's say:

    You have a low to medium traffic volume network with devices on what seems a single subnet oh say.. 192.168.1.0, 255.255.255.0

    You have 15 physical static IP unmanaged devices attached to this network but only 14 show up after repeated IP, SNMP, or port scans from "behind" or "inside" the network perimeter. (yes, you can use snort).

    You can see the 15th device is a working non-gateway router (non-wireless).
    Scanning when directly attached to the unyielding 15th device gives same results.

    We want to get into the router to make some changes and using the device's default IP based on experience or the device's support docs is no help at all.

    We can temporarily remove the router for testing and perform a hardware reset but somehow we figure some fool (genius?) was able to set the factory defaults to its current setting.

    How do we find which IP address (out of possible thousands) the device is storing and using?

    Yes...this scenario has happened on multiple occasions in real life.


    [Further credit for the ambitious types]

    Now say the device IS a wireless router.


    ZT3000
    Beta tester of "0"s and "1"s"

  2. #2
    nmap the subnet.

    use ethereal to monitor the scan


    Any response that has 2 different macs at the same addy is the one.

    Furthermore. The MAC addy will automatically identify the device.



    Explain the extra credit? I'm not sure what you want... A bit sleepy.

  3. #3
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    I understand Synja's response ( for the most part ), especially when it comes to what you want.

    ( What do you want ? )

    Are you looking for the physical address of the router, or are you looking for the address to administer the router?

    If the God Damn thing can be taken off-line ( you apparently know where it is and what it is hooked to ) then what is it you are looking for, and why?

    If it is a network that you control, just reset the damn thing!

    I don't understand the reason for the question ( or maybe the question itself, which may be why you didn't receive answers the first time. )

    I put my thinking cap on so tight it hurt!
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  4. #4
    Member
    Join Date
    Sep 2004
    Location
    Netherlands
    Posts
    63
    If you can actually take the router out of the network, I say put a console cable in, log into the box and see what it says as its IP address.

    If you can't get in that way (anymore) just reset it to its factory defaults or perform password recovery.

  5. #5
    Member
    Join Date
    Nov 2004
    Posts
    71
    Morvai, I get the impression that his wireless router has just "vanished" from the network. I doubt it is a router where you can just connect to a console port, rather you need to use the irritating web based interfaces. But it can't be found to connect to....
    I have had it happen to me before. I tend to just go for a factory reset. So much simpler.
    If everything looks perfect, then there is something you don't know

  6. #6
    Senior Member
    Join Date
    Mar 2005
    Posts
    400
    qwertyman66, you are correct in assuming it has just "vanished", because it has done just that.

    qwertyman66 is also correct in doubting that we can connect to a console port, because the device doesn't have one. Have to use the irritating web based interface we think.

    A nmap of the local network produces the 14, not 15 devices.

    As I stated before, factory resets do nothing. It's as if someone sometime diabolically changed the factory defaults. We scan but nothing is there.

    Again, the router operates fine, but we need to get the IP address to find out what it is, what settings it has and to make changes to it.

    How do we find which IP address (out of possible thousands) the device is storing and using?
    ZT3000
    Beta tester of "0"s and "1"s"

  7. #7
    Senior Member
    Join Date
    Jan 2004
    Posts
    228
    I had the same problem with my wireless router a while back. I didn't want to use the wireless router for its routing features, just wireless connectivity, so turned off DHCP; set up my wireless security and then plugged into the switch portion of the router only. This allowed the wireless users or even the users connected into the other switch ports on the router to pull from the DHCP from the other router and be part of the same exact subnet.

    Of course this wasn't a problem to get into, because it was wireless and I assigned it an ip address and excluded it from the scope of my subnet. This allowed me to get into it anytime I wanted so I could make any type of changes. Just like a few of you all, I still ran into some problems and had to go back to factory defaults. I think that's just because it was a crappy router.

    My guess is that you have the router working as a switch and if that's the case, it has now been essentially turned into a layer two device which doesn't get an ip address. In that case, you should be looking at a way to get the MAC for that particular device. Possibly ethereal would work, like someone else had mentioned. You're going to have to try and filter for the frame though. I kinda doubt you'll find one though because there isn't a packet for the frame to encapsulate because it doesn't have an IP.
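
Added example, not part of the thread or any poster's code: a passive inventory over raw Ethernet frames already captured with a sniffer, listing every source MAC together with the IPv4 address it claims in ARP. It goes one step beyond the posts by flagging addresses outside the scanned 192.168.1.0/24 and MACs that never show an IP at all; the frames, MAC addresses and the 10.0.0.1 address are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct
from collections import defaultdict

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def inventory(frames, expected_net):
    """Map every source MAC to the IPv4 addresses it claims in ARP."""
    net = ipaddress.ip_network(expected_net)
    seen = defaultdict(set)          # MAC -> sender IPs announced in ARP
    for f in frames:
        if len(f) < 14:
            continue                 # truncated: no full Ethernet header
        seen[mac(f[6:12])]           # note the MAC even if it never shows an IP
        if struct.unpack("!H", f[12:14])[0] != 0x0806 or len(f) < 42:
            continue                 # not ARP, or ARP cut short
        htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", f[14:22])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            continue                 # only Ethernet/IPv4 ARP is decoded here
        sender_ip = ipaddress.ip_address(f[28:32])
        if int(sender_ip):           # 0.0.0.0 is an ARP probe, not a claim
            seen[mac(f[22:28])].add(sender_ip)
    report = {}
    for m, ips in seen.items():
        shown = ",".join(sorted(str(ip) for ip in ips))
        if not ips:
            report[m] = "layer-2 only (no IP seen)"
        elif any(ip not in net for ip in ips):
            report[m] = "off-subnet: " + shown
        else:
            report[m] = "ok: " + shown
    return report

def arp(sha, spa, tpa):
    """Build a constructed broadcast ARP request for the sample capture."""
    s = bytes.fromhex(sha.replace(":", ""))
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return (b"\xff" * 6 + s + b"\x08\x06" + hdr + s
            + ipaddress.ip_address(spa).packed + b"\x00" * 6
            + ipaddress.ip_address(tpa).packed)

# Constructed sample: a normal host, a device on another subnet, an LLDP-only port.
SAMPLE = [
    arp("02:00:00:00:00:0a", "192.168.1.10", "192.168.1.1"),
    arp("02:00:00:00:00:0f", "10.0.0.1", "10.0.0.1"),
    bytes.fromhex("0180c200000e" "020000000010" "88cc" "0000"),
]
print(inventory(SAMPLE, "192.168.1.0/24"))
```
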

  8. #8
    Senior Member
    Join Date
    Mar 2005
    Posts
    400
    Using Nmap to ping the local network and using Ethereal to sniff the results gives 14 discovered devices which respond with MAC ID and IP. The 15th device is still silent.

    With no other connections to the router except the Nmap laptop running Ethereal the router is still silent.

    Obviously the 15th device (router) has an IP, regardless if only the LAN ports are being used.
    No router that I'm aware of has an IP of zero.

    (replacing the router is NOT an option)
    ZT3000
    Beta tester of "0"s and "1"s"

  9. #9
    Ok... are we trying to find what IP is duplicated?

    or find a missing machine...

    what does -P0 do?

  10. #10
    Senior Member
    Join Date
    Jan 2004
    Posts
    228
    I don't know man. Are you using the uplink port on the router? If you're not, you could be just using the switch portion.

    What type of router are you using? Like the router I have, router with a built in switch. You could be using just the switch and not the actual router. The way I always understood those type of routers is that they are two separate entities that are built into the same device. If you're not using the uplink port, then you're only using the switch portion which would only be bound to the MAC tables.

    Also, usually in programming, if you specify, "AND", it usually means that the result must contain both requests. If it didn't then we're looking at an, "OR". I can't tell you for certain without looking at the code used to write ethereal, but if, "AND" in its user interface has any indication on the type of boolean statements used, then it would not show the MAC tables if that MAC address isn't bound to a datagram.

    Just because the router has an IP address, it doesn't mean you're using it. Without testing, I would imagine you're only using the switching function of the router.
