This is an old revision of the document!
Let's assume you must work in a network but they forgot to tell you the ip address range.
# tcpdump -nnei eth1 13:46:05.577596 00:1a:73:3f:7a:9d > 00:03:6f:e1:5b:21, ethertype IPv4 (0x0800), length 74: 192.168.0.194.33387 > 80.58.32.97.53: 5597+ A? www.google.com. (32) 13:46:05.676650 00:03:6f:e1:5b:21 > 00:1a:73:3f:7a:9d, ethertype IPv4 (0x0800), length 142: 80.58.32.97.53 > 192.168.0.1 94.33387: 5597 4/0/0 ...
In this example, 192.168.0.194
is a host in the network, and 00:03:6f:e1:5b:21
is the mac address of the gateway. We don't know the ip address of the gateway yet, that would probably require waiting for an arp packet, or try guess it, or active scan.
# netdiscover -i eth1 Currently scanning: 192.168.1.0/16 | Our Mac is: 00:0b:16:a1:b2:c3 2 Captured ARP Req/Rep packets, from 2 hosts. Total size: 102 _____________________________________________________________________________ IP At MAC Address Count Len MAC Vendor ----------------------------------------------------------------------------- 192.168.0.1 00:03:6f:e1:5b:21 01 042 Telsey SPA 192.168.0.194 00:1a:73:3f:7a:9d 01 060 Unknown vendor