Differences

This shows you the differences between two versions of the page.

--- find_ip [2008/02/17 13:55]
latinsud
+++ find_ip [2008/02/17 13:58]
latinsud comment example
@@ Line 14: / Line 14: @@
 :46:05.676650 00:03:6f:e1:5b:21 > 00:1a:73:3f:7a:9d, ethertype IPv4 (0x0800), length 142: 80.58.32.97.53 > 192.168.0.1 94.33387:  5597 4/0/0 ...
 In this example, ''192.168.0.194'' is a host in the network, and ''00:03:6f:e1:5b:21'' is the mac address of the gateway. We don't know the ip address of the gateway yet, that would probably require waiting for an arp packet, or try guess it, or active scan.
 ===== DHCP discovery =====
@@ Line 19: / Line 20: @@
   * If DHCP is enabled on the network, use a dhcp client or a fast discovery tool like [[http://tv.latinsud.com/dhd/|DHD]].
+  * Eg:
+<code>
+# dhd
+Sniffing on any
+Injecting on eth1 (00:0b:16:a1:b2:c3)
+ #0:
+        SERVER-MAC: 00:03:6f:e1:5b:21
+               IP: 192.168.0.1
+        CLIENT-MAC: 00:0b:16:a1:b2:c3
+               IP: 192.168.0.195
+               MASK: 255.255.255.0
+        GW: 192.168.0.1
+        DNS: 192.168.0.1
+ >> "0  "0  "0  "0
+</code>
+In this example, ''192.168.0.1'' with mac address ''00:03:6f:e1:5b:21'' is the gateway.
 ===== Active scan =====
@@ Line 38: / Line 56: @@
 .168.0.194   00:1a:73:3f:7a:9d    01    060   Unknown vendor
 </code>
+In this example, there are 2 hosts from which ''192.168.0.1'' with mac address ''00:03:6f:e1:5b:21'' seems to be the gateway.

Aircrack-ng