Question

Locked

How to determine the IP addresses and subnets if there's no DHCP server

By arch_eldeeb ·
I tried to connect a network that has some clients with manually assigned IPs and no DHCP server at all, when I attach my PC to the network it just keeps sending DHCP DISCOVER packets without any reply and ends up with APIPA and become isolated because of the different subnets.

==My Question==
How can I know the subnets and the static IPs of the network that has no DHCP servers, since I can't just try all the Private A,B and C class subnets one by one :).

And yes, thank you, I know that I can ask one of the already connected clients about their IP data and that's what I've done, but I'll appreciate a "network tool or method" to follow.
Thanks

This conversation is currently closed to new comments.

18 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Answers

Collapse -

That's a tough one mate

by Nonapeptide In reply to How to determine the IP a ...

That's also a problem that I've been wanting to solve for a while. The only solution that I can come up with (unless I'm overlooking something glaringly obvious) is to write a program that assigns your machine an IP adderss and subnet mask and then either passively listens for any kind of broadcast traffic or actively ping/snmp/NetBIOS scans a few common IP addresses (.1, .2, .3 for example) and a few random IP addresses. If no response, then it would change your IP and subnet mask and try the process again. I imagine that a utility like this would check for the most common address ranges and subnet masks first before moving to more obscure ones (e.g. 192.168.0.0/16 and 10.0.0.0 /8 or /16 would be tested before 172.23.8.0 / 20 or 192.168.128.0 / 17 )

To my knowledge, a tool like that dose not exist, so my ramblings are not helping you any. :)

Does anyone know of such a tool? If not, any suggestions on what language would be a good fit for it? Whatever it is, it better look like C if I'm going to have anything to do with it. :)

This makes me wonder if Fluke has already put something like this in their hardware... hmmm... if not, maybe they could hire me... :)

Collapse -

well

by CG IT In reply to That's a tough one mate

there is a tool but you have to modify it.

the wake on LAN tools all do discovery for both IP and MAC addresses BUT, you already have to be "on the network" to run discovery.

With a little fun programming, you can make a wake on lan tool do other things like sniff, determine, query, broadcast, configure.

Collapse -

When you say "on the network" do you mean...

by Nonapeptide In reply to well

...physically or logically? If I need to be logically on the network (correct IP and subnet) I fail to see how to apply this to the situation.

Pardon the confusion, but I'm a bit fuzzy on this scenario. Of course, not having experience with WoL doesn't help either.

One more thing has been added to my "Google this someday" list. I guess I'll just go read the Wikipedia article first. I've already got too many things I need to learn!!! ::breathes into paper bag::

:)

Collapse -

Good concept, hard to apply :)

by arch_eldeeb In reply to well

Thanks a lot for the idea, will digg it and see where I reach.
I'm not a programming guru, but I have friends who are, will ask them to help and will keep you updated if I reached something.

Collapse -

Nonapeptide, thanks for reply, tried something, but still nothing solved

by arch_eldeeb In reply to That's a tough one mate

You know, I have a program that scans for live hosts in my subnet, I tried something stupid and it didn't work " wondering why?!!"
I assigned myself a class C Ip address 192.168.0.2, and gave myself a class B subnet 255.255.0.0, and asked the program to scan my subnet and it went from 192.168.0.0 to 192.168.254.254 , so I'm done with the private class C, but then remembered that even if my ping reached 192.168.122.45 for example , the reply won't reach me because I'm not in IT'S subnet.
No other ideas please??

Collapse -

Out of ideas

by Nonapeptide In reply to Nonapeptide, thanks for r ...

Like I said, I've wanted a solution to this problem too.

Looks like someone will have to code a solution, but my programming skills stop at helloWorld();

Collapse -

this has been around for quite some time..

by CG IT In reply to Out of ideas :(

you need to capture packets, strip away NAT and you can see the source IP address. from the source IP address you can determine subnet mask.

That's one way.

now you can create a program to query a LAN which will reveal it's addressing scheme, that is IF you can gain access to the private LAN. you don't need to know the addressing to gain access to the private LAN, just the ability to look at LAN traffic.

Also a lot of businesses and residences use DHCP which provides addressing to clients that do not have addressing.

you can send DHCP discover packets to determine if there is a DHCP server running. if you get the ACK packet, you can, with some more manipulation, get addressing.

I'm certainly not going to tell someone how to hack, by providing code, or providing information on exploits. All the above ideas have been around since networking has been around.

Heck, Cisco systems has their own network discovery code which will provide information on routers and switches in a pod, campus, regional level.

Collapse -

I figured it was possible, but have never tried it

by Nonapeptide In reply to this has been around for ...

I've been too busy to experiment the way I want to.

I figured the regardless of a NIC's configuration, the electric pulses are still hitting the card. It just seemed that without the proper IP addy and subnet mask an analyzer wouldn't work. My original train of though on the subject said "just open Ethereal and listen for broadcast traffic" but no such thing when I tried. I recently was introduced to a network that I knew nothing about. I was connected to the LAN and opened MS Network Monitor 3.0 but ::slaps forehead:: can't capture traffic without a configured NIC. Can't configure NIC without traffic to figure out the address scheme. Can't capture traffic... can't configure NIC.. can't... Argh.

Simplified: In my (admittedly limited) experience one needs a LAN address to look at LAN traffic on a PC.

Tell me I'm wrong, please. :)

Collapse -

I'm not hacking :)

by arch_eldeeb In reply to this has been around for ...

I was just curious to know if I made it to my network is it going to be hard to determine the IPs or not.
We have to think like them if we want to be protected from them :)
And I tried wireshark, looks promising, also "snort" but looks complicated.
Thanks for help.

Collapse -

Even on a switched port you can typically see enough to determine IPs

by robo_dev In reply to I'm not hacking :)

And there also are typically misconfigured devices on most networks that also give some info.

Back to Networks Forum
18 total posts (Page 1 of 2)   01 | 02   Next

Hardware Forums