Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Finding IP addresses on a LAN

  1. #1
    Junior Member
    Join Date
    Feb 2004

    Finding IP addresses on a LAN

    I'm new, just trying to learn some things. I have a network securities class at school and for our final project we have to protect one of our machines against attackers in the class and use our other machine to try to crack into other people's boxes. I see a lot of tools for ping sweeps and such, but I was wondering if there is a quick way to find someones IP address on the LAN. All the ping tools I have seen, you have to give it a range of addresses, is there a tool that can go and see what is out there?

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    Thread moved from Security Tutorials to Newbie Security Questions. (The Tutorials sections are for people to post tutorials)

    Ping sweeps are the easiest and fastest. You might want to consider nmap and some of the ways it could pick up on what is out there. Alternatively, if you can see a dhcp list that would show where leases are and lastly, arp might give back some info.

    Oh.. and ettercap would also be good or a packetsniffer of some type.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Nov 2001
    if all are logged into the same lan just use the 'net view' command
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    NET VIEW command default will give you the machine name. You can then ping the machine name for IP. Now just scan the entire network based on the ip you get, using your scanner o' choice.

  5. #5
    CAn u tell me the command to get ip-address from pinging via name

  6. #6
    Senior Member
    Join Date
    Jun 2003
    if your using windows

    ping <name here>
    nslookup <name here>
    The internet, not just for stalkers and pervs, but for computer geeks too!

  7. #7
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Ethereal is a good packet sniffing software. run this on the LAN and it should pick up the IP quicker than **** if its transmitting anything. If there is a Gateway somewhere between you and the other computer you might not be able to see it with this tool. I wouldnt run any ping tools, it will bring too much attention to yourself.

    Another fast way is to mimic the Domain server, by taking its IP address and running Active Directory. once you name your server the same as the Proxy server and take its IP you now rule the school and have access to all. But if you do this you will piss off the Admin and might get kicked out of school.

    Lastly if you know the computers name you could ping it with the name to see if that gives you the IP. then get yourself a good password recovery disk, made from a linux boot disk and reset the password to that computer. I have the recovery disk and it works on recovering passwords but I havent tried it over the network yet but a freind said it works great.

  8. #8
    you can look in your arp table (arp -a) after pinging the brocast adress
    if their acualy trying to secure their boxes they probably wont respond to ping right?
    I would set my box to not reply to ping and runa sniffer and watch as they all give away their ip's with ping sweeps and brocast pings

  9. #9
    Senior Member
    Join Date
    Sep 2003
    Actually all the suggestions above are great.

    If i have no utilities on my machine i would try to ping broadcast address and then arp -a. Also if you look at your own IP address by going to the command line and typing ipconfig /all you will get your address and the subnet mask which you can figure out how many hosts possible on your subnet and the range of address'.

    Once you have that you can use NMAP, or type Net View and get a list of host names and ping by name.

    Or you can work with some demo tools out there to give you both the name, and the IP address as well as some security holes that might be open. I think if you download the trial of LanGuard it will let you do a network scan which will return results of all the information above, as well as information about what shares are open and usernames, pretty cool tool. Plus it will give you what i like to call "areas of interest" to look at :-)

    Hope this helps out some.
    \"Common Sense, isn\'t that common\"
    \"It is a lot easier to raise a child then it is to repair an adult\"

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Quite a lot of boxes don't respond to broadcast pings. This includes Windows boxes in their default config, and in other OS it may be configureable (Linux via sysctl)

    My recommendation for how to detect other boxes on a LAN is to just sit there and passively sniff. If they're Windows boxes in a reasonably standard config, they shout broadcasts announcing their netbios name, and a few other things, every couple of minutes. Of course you get their IP and MAC into the bargain. All without sending a single packet.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts