User Tools

Site Tools


find_ip

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
find_ip [2008/02/17 13:55]
latinsud
find_ip [2008/02/17 13:58]
latinsud comment example
Line 14: Line 14:
   13:​46:​05.676650 00:​03:​6f:​e1:​5b:​21 > 00:​1a:​73:​3f:​7a:​9d,​ ethertype IPv4 (0x0800), length 142: 80.58.32.97.53 > 192.168.0.1 94.33387: ​ 5597 4/0/0 ...   13:​46:​05.676650 00:​03:​6f:​e1:​5b:​21 > 00:​1a:​73:​3f:​7a:​9d,​ ethertype IPv4 (0x0800), length 142: 80.58.32.97.53 > 192.168.0.1 94.33387: ​ 5597 4/0/0 ...
 In this example, ''​192.168.0.194''​ is a host in the network, and ''​00:​03:​6f:​e1:​5b:​21''​ is the mac address of the gateway. We don't know the ip address of the gateway yet, that would probably require waiting for an arp packet, or try guess it, or active scan. In this example, ''​192.168.0.194''​ is a host in the network, and ''​00:​03:​6f:​e1:​5b:​21''​ is the mac address of the gateway. We don't know the ip address of the gateway yet, that would probably require waiting for an arp packet, or try guess it, or active scan.
 +
  
 ===== DHCP discovery ===== ===== DHCP discovery =====
Line 19: Line 20:
   * If DHCP is enabled on the network, use a dhcp client or a fast discovery tool like [[http://​tv.latinsud.com/​dhd/​|DHD]].   * If DHCP is enabled on the network, use a dhcp client or a fast discovery tool like [[http://​tv.latinsud.com/​dhd/​|DHD]].
  
 +  * Eg:
 +<​code>​
 +# dhd
 +Sniffing on any
 +Injecting on eth1 (00:​0b:​16:​a1:​b2:​c3)
  
 + #0:
 +        SERVER-MAC: 00:​03:​6f:​e1:​5b:​21
 +               IP: 192.168.0.1
 +        CLIENT-MAC: 00:​0b:​16:​a1:​b2:​c3
 +               IP: 192.168.0.195
 +               MASK: 255.255.255.0
 +        GW: 192.168.0.1
 +        DNS: 192.168.0.1
 +
 + >>​ "​0 ​ "​0 ​ "​0 ​ "0
 +</​code>​
 +In this example, ''​192.168.0.1''​ with mac address ''​00:​03:​6f:​e1:​5b:​21''​ is the gateway.
  
 ===== Active scan ===== ===== Active scan =====
Line 38: Line 56:
   192.168.0.194 ​  ​00:​1a:​73:​3f:​7a:​9d ​   01    060   ​Unknown vendor   192.168.0.194 ​  ​00:​1a:​73:​3f:​7a:​9d ​   01    060   ​Unknown vendor
 </​code>​ </​code>​
 +In this example, there are 2 hosts from which ''​192.168.0.1''​ with mac address ''​00:​03:​6f:​e1:​5b:​21''​ seems to be the gateway.
find_ip.txt ยท Last modified: 2008/02/17 13:58 by latinsud