
Thread: Finding an unknown local IP address?

  1. #41
    Senior Member
    Join Date
    Mar 2005
    Posts
    400


    The solution to this problem was found using the following scanning technique.


    ARP Hunting for IP and MAC addresses
    ZT3000
    Beta tester of "0"s and "1"s"

  2. #42
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    So. Did you only find the MAC address and IP, or were you also able to get to the web interface and stuff once you found those things? I should have made my scan range in my last post in this thread 192.168.0.1-192.168.254.254, not sure why I didn't. If you weren't able to connect to it after you found the IP, was it owned and did the 30 second reset mohaughn spoke of work? Just curious :P.

  3. #43
    Senior Member
    Join Date
    Mar 2005
    Posts
    400
    Here's the lowdown.

    The WRT54G was found on 192.102.10.1 with subnet mask of 255.255.255.0, which was WAY out of my local subnet range.
    Since the switch side of this router didn't care about the IP, it still switched all traffic.

    Ping scanning (with NMap) did not work since I was on the local subnet unless I wanted to scan a small range, make IP and subnet changes, rescan, make changes, rescan, make changes, etc... forever.

    NMap was so slow I could not reasonably use it; ARP scanning was much faster. Also I could not trust NMap since I didn't know exactly the correct parameters for only ARP scanning (no ports) and was doubtful of its handling of out of subnet scans.

    Anyways, ARP is THE address resolution protocol.

    Once I set up my laptop on the now known IP range and subnet mask, I easily entered the router with admin, admin.
    Imagine my surprise when the firmware was NOT Netgear but sveasoft and just about every feature was turned off. I imagine that the IP change of this router was set up to make it literally invisible to the scanners and such and make it into a quasi-switch. Too bad I burst that bubble.
    Now that I have charge of this router, I'm gonna play a bit and check out the sveasoft upgrade.

    I tried another router/switch (DLink) and found the IP at 192.168.123.1, with ease, even though I was at 192.168.1.2 (used a subnet of 255.255.0.0 to find it).
    ZT3000
    Beta tester of "0"s and "1"s"
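
The addressing logic behind post #43, as an added example that is not part of the original thread or any poster's code: it shows which of the thread's addresses a host treats as on-link for a given netmask, and that an ARP who-has payload carries a target IP but no netmask. The function names and the sender MAC are assumptions made for illustration; nothing is sent on the wire.

```python
import ipaddress
import struct

def on_link(host_ip, netmask, target_ip):
    """True if a host configured as host_ip/netmask treats target_ip as a
    local neighbour (resolved by ARP) rather than routing it via a gateway."""
    net = ipaddress.ip_network(f"{host_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(target_ip) in net

def shared_prefix_len(host_ip, target_ip):
    """Longest prefix length that still puts both addresses in one subnet."""
    a = int(ipaddress.ip_address(host_ip))
    b = int(ipaddress.ip_address(target_ip))
    return 32 - (a ^ b).bit_length()

def arp_request(sender_mac, sender_ip, target_ip):
    """Build the 28-byte ARP request payload (RFC 826, Ethernet + IPv4)."""
    return struct.pack(
        "!HHBBH6s4s6s4s",
        1,        # hardware type: Ethernet
        0x0800,   # protocol type: IPv4
        6, 4,     # hardware / protocol address lengths
        1,        # opcode: request (who-has)
        bytes.fromhex(sender_mac.replace(":", "")),
        ipaddress.ip_address(sender_ip).packed,
        b"\x00" * 6,                              # target MAC unknown
        ipaddress.ip_address(target_ip).packed,   # any IPv4 address fits here
    )

def target_ip_of(payload):
    """Read the target protocol address back out of an ARP payload."""
    return str(ipaddress.ip_address(payload[24:28]))

if __name__ == "__main__":
    laptop = "192.168.1.2"              # address given in the thread
    mac = "02:00:00:00:00:01"           # constructed, locally administered
    for target in ("192.168.123.1", "192.102.10.1"):   # from the thread
        for mask in ("255.255.255.0", "255.255.0.0"):
            print(target, mask, "on-link" if on_link(laptop, mask, target)
                  else "off-link (goes to gateway)")
        print(target, "needs a prefix of /%d or shorter"
              % shared_prefix_len(laptop, target))
        print("ARP target field:", target_ip_of(arp_request(mac, laptop, target)))
```
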
