find_ip
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revisionNext revisionBoth sides next revision | ||
find_ip [2008/02/17 13:40] – created latinsud | find_ip [2008/02/17 13:53] – latinsud | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Finding IP addresses ====== | ====== Finding IP addresses ====== | ||
- | Assume | + | Let's assume |
===== Passive sniffing ===== | ===== Passive sniffing ===== | ||
* Simply use tcpdump, wireshark or any sniffer that displays the IP addresses of existing packets. | * Simply use tcpdump, wireshark or any sniffer that displays the IP addresses of existing packets. | ||
+ | |||
+ | * Eg: | ||
+ | |||
+ | # tcpdump -nnei eth1 | ||
+ | 13: | ||
+ | 13: | ||
+ | In this example, '' | ||
===== DHCP discovery ===== | ===== DHCP discovery ===== | ||
* If DHCP is enabled on the network, use a dhcp client or a fast discovery tool like [[http:// | * If DHCP is enabled on the network, use a dhcp client or a fast discovery tool like [[http:// | ||
+ | |||
===== Active scan ===== | ===== Active scan ===== | ||
* Use a fast ARP scanner like [[http:// | * Use a fast ARP scanner like [[http:// | ||
+ | |||
+ | * Eg: | ||
+ | |||
+ | # netdiscover -i eth1 | ||
+ | Currently scanning: 192.168.1.0/ | ||
+ | |||
+ | 2 Captured ARP Req/Rep packets, from 2 hosts. | ||
+ | _____________________________________________________________________________ | ||
+ | | ||
+ | ----------------------------------------------------------------------------- | ||
+ | 192.168.0.1 | ||
+ | 192.168.0.194 | ||
+ | |||
find_ip.txt · Last modified: 2008/02/17 13:58 by latinsud