February 23, 2008 at 12:17 pm #2243570
How to determine the IP addresses and subnets if there’s no DHCP server
Locked · by arch_eldeeb · about 16 years, 1 month ago
I tried to connect to a network that has some clients with manually assigned IPs and no DHCP server at all. When I attach my PC to the network it just keeps sending DHCP DISCOVER packets without any reply and ends up with APIPA and becomes isolated because of the different subnets.
==My Question==
How can I know the subnets and the static IPs of the network that has no DHCP servers, since I can’t just try all the Private A, B and C class subnets one by one :). And yes, thank you, I know that I can ask one of the already connected clients about their IP data and that’s what I’ve done, but I’ll appreciate a “network tool or method” to follow.
Thanks
-
February 23, 2008 at 12:17 pm #2656295
Clarifications
by arch_eldeeb · about 16 years, 1 month ago
In reply to How to determine the IP addresses and subnets if there’s no DHCP server
Clarifications
-
February 23, 2008 at 2:00 pm #2656277
That’s a tough one mate
by nonapeptide · about 16 years, 1 month ago
In reply to How to determine the IP addresses and subnets if there’s no DHCP server
That’s also a problem that I’ve been wanting to solve for a while. The only solution that I can come up with (unless I’m overlooking something glaringly obvious) is to write a program that assigns your machine an IP address and subnet mask and then either passively listens for any kind of broadcast traffic or actively ping/SNMP/NetBIOS scans a few common IP addresses (.1, .2, .3 for example) and a few random IP addresses. If no response, then it would change your IP and subnet mask and try the process again. I imagine that a utility like this would check for the most common address ranges and subnet masks first before moving to more obscure ones (e.g. 192.168.0.0/16 and 10.0.0.0 /8 or /16 would be tested before 172.23.8.0/20 or 192.168.128.0/17).
To my knowledge, a tool like that does not exist, so my ramblings are not helping you any. 🙂
Does anyone know of such a tool? If not, any suggestions on what language would be a good fit for it? Whatever it is, it better look like C if I’m going to have anything to do with it. 🙂
This makes me wonder if Fluke has already put something like this in their hardware… hmmm… if not, maybe they could hire me… 🙂
-
February 23, 2008 at 2:08 pm #2656274
well
by cg it · about 16 years, 1 month ago
In reply to That’s a tough one mate
There is a tool but you have to modify it.
The Wake on LAN tools all do discovery for both IP and MAC addresses BUT, you already have to be “on the network” to run discovery.
With a little fun programming, you can make a Wake on LAN tool do other things like sniff, determine, query, broadcast, configure.
-
February 23, 2008 at 2:19 pm #2656271
When you say “on the network” do you mean…
by nonapeptide · about 16 years, 1 month ago
In reply to well
…physically or logically? If I need to be logically on the network (correct IP and subnet) I fail to see how to apply this to the situation.
Pardon the confusion, but I’m a bit fuzzy on this scenario. Of course, not having experience with WoL doesn’t help either.
One more thing has been added to my “Google this someday” list. I guess I’ll just go read the Wikipedia article first. I’ve already got too many things I need to learn!!! ::breathes into paper bag::
🙂
-
February 24, 2008 at 7:16 am #2657379
Good concept, hard to apply :)
by arch_eldeeb · about 16 years, 1 month ago
In reply to well
Thanks a lot for the idea, will dig into it and see where I reach.
I’m not a programming guru, but I have friends who are, will ask them to help and will keep you updated if I reached something.
-
-
February 24, 2008 at 7:42 am #2657374
Nonapeptide, thanks for reply, tried something, but still nothing solved
by arch_eldeeb · about 16 years, 1 month ago
In reply to That’s a tough one mate
You know, I have a program that scans for live hosts in my subnet. I tried something stupid and it didn’t work, “wondering why?!!”
I assigned myself a class C IP address 192.168.0.2, and gave myself a class B subnet 255.255.0.0, and asked the program to scan my subnet and it went from 192.168.0.0 to 192.168.254.254, so I’m done with the private class C, but then remembered that even if my ping reached 192.168.122.45 for example, the reply won’t reach me because I’m not in ITS subnet.
No other ideas please??
-
February 25, 2008 at 6:39 am #2657715
Out of ideas :(
by nonapeptide · about 16 years, 1 month ago
In reply to Nonapeptide, thanks for reply, tried something, but still nothing solved
Like I said, I’ve wanted a solution to this problem too.
Looks like someone will have to code a solution, but my programming skills stop at helloWorld();
-
February 25, 2008 at 7:09 am #2657702
this has been around for quite some time..
by cg it · about 16 years, 1 month ago
In reply to Out of ideas :(
You need to capture packets, strip away NAT and you can see the source IP address. From the source IP address you can determine subnet mask.
That’s one way.
Now you can create a program to query a LAN which will reveal its addressing scheme, that is IF you can gain access to the private LAN. You don’t need to know the addressing to gain access to the private LAN, just the ability to look at LAN traffic.
Also a lot of businesses and residences use DHCP which provides addressing to clients that do not have addressing.
You can send DHCP discover packets to determine if there is a DHCP server running. If you get the ACK packet, you can, with some more manipulation, get addressing.
I’m certainly not going to tell someone how to hack, by providing code, or providing information on exploits. All the above ideas have been around since networking has been around.
Heck, Cisco Systems has their own network discovery code which will provide information on routers and switches in a pod, campus, regional level.
-
February 25, 2008 at 9:13 am #2657621
I figured it was possible, but have never tried it
by nonapeptide · about 16 years, 1 month ago
In reply to this has been around for quite some time..
I’ve been too busy to experiment the way I want to.
I figured that regardless of a NIC’s configuration, the electric pulses are still hitting the card. It just seemed that without the proper IP addy and subnet mask an analyzer wouldn’t work. My original train of thought on the subject said “just open Ethereal and listen for broadcast traffic” but no such thing when I tried. I recently was introduced to a network that I knew nothing about. I was connected to the LAN and opened MS Network Monitor 3.0 but ::slaps forehead:: can’t capture traffic without a configured NIC. Can’t configure NIC without traffic to figure out the address scheme. Can’t capture traffic… can’t configure NIC.. can’t… Argh.
Simplified: In my (admittedly limited) experience one needs a LAN address to look at LAN traffic on a PC.
Tell me I’m wrong, please. 🙂
-
February 28, 2008 at 1:59 pm #2455413
I’m not hacking :)
by arch_eldeeb · about 16 years, 1 month ago
In reply to this has been around for quite some time..
I was just curious to know if I made it to my network is it going to be hard to determine the IPs or not.
We have to think like them if we want to be protected from them 🙂
And I tried Wireshark, looks promising, also “Snort” but looks complicated.
Thanks for help.
-
February 28, 2008 at 2:04 pm #2455411
Even on a switched port you can typically see enough to determine IPs
by robo_dev · about 16 years, 1 month ago
In reply to I’m not hacking :)
And there also are typically misconfigured devices on most networks that also give some info.
-
-
-
February 25, 2008 at 6:58 am #2657709
Hm
by wesley.chin · about 16 years, 1 month ago
In reply to How to determine the IP addresses and subnets if there’s no DHCP server
What is the OS? If OS is XP, type “cmd” in Run under the Start Menu, then type “ipconfig”, and hit enter on the keyboard.
If the OS is XP, the information you are seeking should be returned.
-
February 25, 2008 at 8:34 am #2657655
Hi
by ramuvr · about 16 years, 1 month ago
In reply to Hm
How can I know the subnets and the static IPs of the network that has no DHCP servers?
Answer:
Well, I have no idea,
Let’s give this a try:
cmd> ipconfig /displaydns
Well, that will give you your host file entries and maybe about one good IP for you to play around with. Give it a 100+ that IP and try.
-
February 28, 2008 at 1:54 pm #2455414
Won’t work :)
by arch_eldeeb · about 16 years, 1 month ago
In reply to Hm
This will work only if I already have an IP
-
-
February 25, 2008 at 8:45 am #2657643
Just Install Ethereal and sniff the network
by robo_dev · about 16 years, 1 month ago
In reply to How to determine the IP addresses and subnets if there’s no DHCP server
Ethereal or Wireshark are protocol analyzers. It will show you the traffic that it can see, and you should be able to determine the network information without any difficulty.
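What the sniffing answer above amounts to in practice, as an added example that is not part of the original thread: hosts with static IPs still broadcast ARP, and the sender/target addresses in those frames bound the subnet in use. The frames, MACs and addresses below are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import struct

def build_arp_request(mac, sender_ip, target_ip):
    """Build a broadcast ARP request frame (used only to construct sample input)."""
    eth = b"\xff" * 6 + mac + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += mac + ipaddress.IPv4Address(sender_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed
    return eth + arp

def arp_addresses(frame):
    """Return (sender_ip, target_ip) of an untagged Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ipaddress.IPv4Address(frame[28:32]), ipaddress.IPv4Address(frame[38:42])

def observed_network(frames):
    """Smallest network covering every address seen in ARP; None if nothing usable.

    This is a lower bound: the configured mask may be wider than what was observed.
    """
    seen = set()
    for frame in frames:
        pair = arp_addresses(frame)
        if pair:
            # Skip 0.0.0.0 (ARP probes) and 169.254/16 (APIPA), e.g. our own fallback.
            seen.update(int(a) for a in pair
                        if not (a.is_unspecified or a.is_link_local))
    if not seen:
        return None
    prefix = 32 - (min(seen) ^ max(seen)).bit_length()
    return ipaddress.IPv4Network((min(seen), prefix), strict=False)

# Constructed sample capture: three static hosts ARPing for a gateway,
# plus one APIPA probe from a machine that got no DHCP reply.
SAMPLE_FRAMES = [
    build_arp_request(bytes.fromhex("020000000005"), "192.168.10.5", "192.168.10.1"),
    build_arp_request(bytes.fromhex("02000000004d"), "192.168.10.77", "192.168.10.1"),
    build_arp_request(bytes.fromhex("020000000114"), "192.168.11.20", "192.168.10.1"),
    build_arp_request(bytes.fromhex("0200000000aa"), "0.0.0.0", "169.254.33.7"),
]

if __name__ == "__main__":
    print(observed_network(SAMPLE_FRAMES))
```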
-
February 25, 2008 at 9:08 am #2657624
+1
by danke · about 16 years, 1 month ago
In reply to Just Install Ethereal and sniff the network
easy peazy.
or you could just look at the ip configuration of another machine… 🙂
-
-
February 28, 2008 at 2:08 pm #2455410
This was an imaginary example!!!! And It’s Solved.
by arch_eldeeb · about 16 years, 1 month ago
In reply to How to determine the IP addresses and subnets if there’s no DHCP server
Please everyone, that scenario is imaginary, I just wanted to know if I did it to my network, will this help increase security.
And the answer is no!! It can be determined by software like Wireshark and Snort as CG IT and robo_dev said. Thank you CG IT and robo_dev.
-
December 30, 2008 at 9:53 pm #2980144
Hold on there.. No it doesn’t work!
by iamnot · about 15 years, 3 months ago
In reply to This was an imaginary example!!!! And It’s Solved.
So, it may work if there are other people using the network, so, yes, of course, you could go check out their machines.
But, if you wanted to get into a WLAN that had no DHCP, and NO ONE ELSE WAS CONNECTED, then you can sniff all day with Ethereal and sniff out nothing. So, the imaginary scenario (which should have been disclosed during the initial question to get the right answer) is, yes, you can disable DHCP and someone would have to know the subnet to get on, and NO, Ethereal would NOT work since it relies on connected traffic. Obviously as the author said in the beginning, if they had connected traffic, they could go over to another computer and type in the IP…
Why I replied to this is to hopefully help someone else who wastes their time downloading a 24MB Ethereal file that does nothing….