Question

  • #2243570

    How to determine the IP addresses and subnets if there’s no DHCP server


    by arch_eldeeb ·

    I tried to connect to a network that has some clients with manually assigned IPs and no DHCP server at all. When I attach my PC to the network it just keeps sending DHCP DISCOVER packets without any reply and ends up with APIPA, and becomes isolated because of the different subnets.

    ==My Question==
    How can I know the subnets and the static IPs of a network that has no DHCP servers, since I can’t just try all the private class A, B and C subnets one by one :).

    And yes, thank you, I know that I can ask one of the already connected clients about their IP data and that’s what I’ve done, but I’ll appreciate a “network tool or method” to follow.
    Thanks

All Answers

    • #2656295

      Clarifications

      by arch_eldeeb ·

      In reply to How to determine the IP addresses and subnets if there’s no DHCP server

      Clarifications

    • #2656277

      That’s a tough one mate

      by nonapeptide ·

      In reply to How to determine the IP addresses and subnets if there’s no DHCP server

      That’s also a problem that I’ve been wanting to solve for a while. The only solution that I can come up with (unless I’m overlooking something glaringly obvious) is to write a program that assigns your machine an IP address and subnet mask and then either passively listens for any kind of broadcast traffic or actively ping/SNMP/NetBIOS scans a few common IP addresses (.1, .2, .3 for example) and a few random IP addresses. If no response, then it would change your IP and subnet mask and try the process again. I imagine that a utility like this would check for the most common address ranges and subnet masks first before moving to more obscure ones (e.g. 192.168.0.0/16 and 10.0.0.0/8 or /16 would be tested before 172.23.8.0/20 or 192.168.128.0/17).

      To my knowledge, a tool like that does not exist, so my ramblings are not helping you any. 🙂

      Does anyone know of such a tool? If not, any suggestions on what language would be a good fit for it? Whatever it is, it better look like C if I’m going to have anything to do with it. 🙂

      This makes me wonder if Fluke has already put something like this in their hardware… hmmm… if not, maybe they could hire me… 🙂

      • #2656274

        well

        by cg it ·

        In reply to That’s a tough one mate

        there is a tool but you have to modify it.

        the wake on LAN tools all do discovery for both IP and MAC addresses BUT, you already have to be “on the network” to run discovery.

        With a little fun programming, you can make a wake on lan tool do other things like sniff, determine, query, broadcast, configure.

        • #2656271

          When you say “on the network” do you mean…

          by nonapeptide ·

          In reply to well

          …physically or logically? If I need to be logically on the network (correct IP and subnet) I fail to see how to apply this to the situation.

          Pardon the confusion, but I’m a bit fuzzy on this scenario. Of course, not having experience with WoL doesn’t help either.

          One more thing has been added to my “Google this someday” list. I guess I’ll just go read the Wikipedia article first. I’ve *already* got too many things I need to learn!!! ::breathes into paper bag::

          🙂

        • #2657379

          Good concept, hard to apply :)

          by arch_eldeeb ·

          In reply to well

          Thanks a lot for the idea, I will dig into it and see where I get.
          I’m not a programming guru, but I have friends who are. I will ask them to help and will keep you updated if I reach something.

      • #2657374

        Nonapeptide, thanks for reply, tried something, but still nothing solved

        by arch_eldeeb ·

        In reply to That’s a tough one mate

        You know, I have a program that scans for live hosts in my subnet. I tried something stupid and it didn’t work, “wondering why?!!”
        I assigned myself a class C IP address 192.168.0.2, gave myself a class B subnet mask 255.255.0.0, and asked the program to scan my subnet. It went from 192.168.0.0 to 192.168.254.254, so I’m done with the private class C, but then I remembered that even if my ping reached 192.168.122.45 for example, the reply won’t reach me because I’m not in ITS subnet.
        No other ideas please??

        • #2657715

          Out of ideas :(

          by nonapeptide ·

          In reply to Nonapeptide, thanks for reply, tried something, but still nothing solved

          Like I said, I’ve wanted a solution to this problem too.

          Looks like someone will have to code a solution, but my programming skills stop at helloWorld();

        • #2657702

          this has been around for quite some time..

          by cg it ·

          In reply to Out of ideas :(

          you need to capture packets, strip away NAT and you can see the source IP address. From the source IP address you can determine the subnet mask.

          That’s one way.

          now you can create a program to query a LAN which will reveal its addressing scheme, that is IF you can gain access to the private LAN. you don’t need to know the addressing to gain access to the private LAN, just the ability to look at LAN traffic.

          Also a lot of businesses and residences use DHCP which provides addressing to clients that do not have addressing.

          you can send DHCP discover packets to determine if there is a DHCP server running. if you get the ACK packet, you can, with some more manipulation, get addressing.

          I’m certainly not going to tell someone how to hack, by providing code, or providing information on exploits. All the above ideas have been around since networking has been around.

          Heck, Cisco systems has their own network discovery code which will provide information on routers and switches in a pod, campus, regional level.
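The inference step described in the reply above (see a source IP, derive the mask) can be made concrete. The following is an added example written for this page; it is not code from any poster and no such tool is referenced in the thread. It assumes the input is a few constructed lines in a tcpdump-like form, standing in for the broadcast traffic (ARP and NetBIOS name queries) that any listener on a segment receives even on a switched port. It computes the smallest CIDR block covering the statically addressed hosts, which is why a DHCP-less segment is not hidden, and separately reports APIPA or 0.0.0.0 talkers, i.e. clients stuck waiting for a DHCP server that is not there, which is the condition an administrator would want to detect on such a segment.

```python
import ipaddress
import re

# Constructed sample of broadcast frames a passive listener would see on a
# segment with static addressing and no DHCP server. Made up for this example;
# not captured from, or described in, the original thread.
SAMPLE_CAPTURE = """\
ARP who-has 192.168.37.1 tell 192.168.37.12
ARP who-has 192.168.37.12 tell 192.168.37.1
NBNS name-query src 192.168.37.44
ARP who-has 192.168.37.200 tell 192.168.37.44
ARP who-has 169.254.12.9 tell 169.254.201.7
DHCP discover src 0.0.0.0
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")
ADDR_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def observed_addresses(capture):
    """Split the IPv4 addresses seen in the capture into two sets.

    configured   - addresses that look statically assigned (the real scheme)
    unconfigured - APIPA (169.254/16) or 0.0.0.0 senders: hosts that never got
                   a lease, exactly the state a client ends up in when the
                   segment has no DHCP server.
    """
    configured, unconfigured = set(), set()
    for line in capture.splitlines():
        for text in ADDR_RE.findall(line):
            addr = ipaddress.ip_address(text)
            if addr in APIPA or addr.is_unspecified:
                unconfigured.add(addr)
            else:
                configured.add(addr)
    return configured, unconfigured


def infer_subnet(addrs):
    """Return the smallest CIDR block containing every observed address.

    This is a lower bound on the mask actually in use: the segment may be
    configured with a wider mask (e.g. /16) even if every host seen so far
    fits in a /24. Returns None when nothing usable was observed.
    """
    if not addrs:
        return None
    ints = [int(a) for a in addrs]
    lo, hi = min(ints), max(ints)
    prefix = 32
    # Shorten the prefix until the lowest and highest address share it.
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1
    net_int = (lo >> (32 - prefix)) << (32 - prefix)
    return ipaddress.ip_network(f"{ipaddress.ip_address(net_int)}/{prefix}")


def summarize(capture):
    """Convenience wrapper returning the inferred block and the stuck clients."""
    configured, unconfigured = observed_addresses(capture)
    return {
        "inferred_subnet": infer_subnet(configured),
        "hosts_seen": sorted(configured),
        "unconfigured_clients": sorted(unconfigured),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_CAPTURE).items():
        print(f"{key}: {value}")
```

Two caveats worth keeping in mind: the inferred block only grows as more hosts are seen, so a short listen can understate the mask, and the APIPA list is the useful monitoring output on a deliberately DHCP-free segment, since it shows unexpected devices that plugged in and are waiting for a lease.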

        • #2657621

          I figured it was possible, but have never tried it

          by nonapeptide ·

          In reply to this has been around for quite some time..

          I’ve been too busy to experiment the way I want to.

          I figured that regardless of a NIC’s configuration, the electric pulses are still hitting the card. It just seemed that without the proper IP addy and subnet mask an analyzer wouldn’t work. My original train of thought on the subject said “just open Ethereal and listen for broadcast traffic” but no such thing when I tried. I recently was introduced to a network that I knew nothing about. I was connected to the LAN and opened MS Network Monitor 3.0 but ::slaps forehead:: can’t capture traffic without a configured NIC. Can’t configure NIC without traffic to figure out the address scheme. Can’t capture traffic… can’t configure NIC… can’t… Argh.

          Simplified: In my (admittedly limited) experience one needs a LAN address to look at LAN traffic on a PC.

          Tell me I’m wrong, please. 🙂

        • #2455413

          I’m not hacking :)

          by arch_eldeeb ·

          In reply to this has been around for quite some time..

          I was just curious to know if I made it to my network is it going to be hard to determine the IPs or not.
          We have to think like them if we want to be protected from them 🙂
          And I tried wireshark, looks promising, also “snort” but looks complicated.
          Thanks for help.

        • #2455411

          Even on a switched port you can typically see enough to determine IPs

          by robo_dev ·

          In reply to I’m not hacking :)

          And there also are typically misconfigured devices on most networks that also give some info.

    • #2657709

      Hm

      by wesley.chin ·

      In reply to How to determine the IP addresses and subnets if there’s no DHCP server

      What is the OS? If OS is XP, type “cmd” in Run under the Start Menu, then type “ipconfig”, and hit enter on the keyboard.

      If the OS is XP, the information you are seeking should be returned.

      • #2657655

        Hi

        by ramuvr ·

        In reply to Hm

        How can I know the subnets and the static IPs of the network that has no DHCP servers?

        Answer:

        Well, I have no idea,

        Lets give this a try :

        cmd> ipconfig /displaydns

        well, that will give you your hosts file entries and maybe about one good IP for you to play around with. give it 100+ that IP and try.

      • #2455414

        Won’t work :)

        by arch_eldeeb ·

        In reply to Hm

        This will work only If I have already an IP

    • #2657643

      Just Install Ethereal and sniff the network

      by robo_dev ·

      In reply to How to determine the IP addresses and subnets if there’s no DHCP server

      Ethereal or Wireshark are protocol analyzers. They will show you the traffic that they can see, and you should be able to determine the network information without any difficulty.

    • #2455410

      This was an imaginary example!!!! And It’s Solved.

      by arch_eldeeb ·

      In reply to How to determine the IP addresses and subnets if there’s no DHCP server

      Please everyone, that scenario is imaginary, I just wanted to know if I did it to my network, will this help increase security.
      And the answer is no!!, it can be determined by software like wireshark and snort as CG IT and robo_dev said.

      Thank you CG IT and robo_dev.

      • #2980144

        Hold on there.. No it doesn’t work!

        by iamnot ·

        In reply to This was an imaginary example!!!! And It’s Solved.

        So, it may work if there is other people using the network, so, yes, of course, you could go check out their machines.
        But, if you wanted to get into a WLAN that had no DHCP, and NO ONE ELSE WAS CONNECTED, then you can sniff all day with Ethereal and sniff out nothing. So, the imaginary scenario (which should have been disclosed during the initial question to get the right answer) is, yes, you can disable DHCP and someone would have to know the subnet to get on, and NO, Ethereal would NOT work since it relies on connected traffic. Obviously, as the author said in the beginning, if they had connected traffic, they could go over to another computer and type in the IP…
        Why I replied to this is to hopefully help someone else who wastes their time downloading a 24MB Ethereal file that does nothing….
