Finding IP addresses
Let's assume you must work in a network but nobody told you its IP address range.
- Simply use tcpdump, wireshark or any sniffer that displays the IP addresses of packets already on the wire. This is purely passive: you send nothing, so nothing gives you away.
  # tcpdump -nnei eth1
  13:46:05.577596 00:1a:73:3f:7a:9d > 00:03:6f:e1:5b:21, ethertype IPv4 (0x0800), length 74: 192.168.0.194.33387 > 126.96.36.199.53: 5597+ A? www.google.com. (32)
  13:46:05.676650 00:03:6f:e1:5b:21 > 00:1a:73:3f:7a:9d, ethertype IPv4 (0x0800), length 142: 188.8.131.52.53 > 192.168.0.194.33387: 5597 4/0/0 ...
In this example,
192.168.0.194 is a host in the network (the source of the DNS query), and
00:03:6f:e1:5b:21 is the MAC address of the gateway: the destination IP is outside the local network, so the host addresses the frame to its default gateway's MAC. We don't know the IP address of the gateway yet; that would require waiting for an ARP packet from it, guessing it, or an active scan (which is no longer passive and may be noticed).
- If DHCP is enabled on the network, use a DHCP client or a fast discovery tool like DHD. A DHCP offer hands you address, netmask, gateway and DNS servers in one go, but it is not passive: the server assigns you a lease and usually logs it.
- Use a fast ARP scanner like netdiscover (which also has a passive mode, -p), or a multipurpose one like nmap, ettercap, etc. ARP scanning is active but stays at layer 2, so it works before you have an IP address of your own and is only visible on the local segment.
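The passive step above can be automated: read `tcpdump -nne` output, bind each MAC to the IP addresses seen behind it, and apply the same reasoning as the capture analysis (a MAC carrying one IP is a host, a MAC carrying many different IPs is forwarding traffic and is therefore the gateway, whose own IP only becomes known when it speaks ARP). The following is an added example, not code from the original page; the capture text is constructed for the example (the two host MACs match the capture above, every IP address is invented), and the gateway heuristic is an assumption that can be fooled by a host with many aliased addresses.

```python
import json
import re
from collections import defaultdict
from ipaddress import IPv4Address, IPv4Network

# Constructed sample of `tcpdump -nnei eth1` output (not a real capture).
# Host MACs are the ones from the page's capture; all IP addresses are invented.
SAMPLE = """\
13:46:05.577596 00:1a:73:3f:7a:9d > 00:03:6f:e1:5b:21, ethertype IPv4 (0x0800), length 74: 192.168.0.194.33387 > 203.0.113.53.53: 5597+ A? www.example.com. (32)
13:46:05.676650 00:03:6f:e1:5b:21 > 00:1a:73:3f:7a:9d, ethertype IPv4 (0x0800), length 142: 203.0.113.53.53 > 192.168.0.194.33387: 5597 4/0/0 A 93.184.216.34 (110)
13:46:06.101233 00:1a:73:3f:7a:9d > 00:03:6f:e1:5b:21, ethertype IPv4 (0x0800), length 60: 192.168.0.194.41022 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
13:46:07.220001 00:0c:29:aa:bb:cc > 00:03:6f:e1:5b:21, ethertype IPv4 (0x0800), length 60: 192.168.0.23.55100 > 198.51.100.9.80: Flags [S], seq 1, win 64240, length 0
13:46:07.300500 00:0c:29:aa:bb:cc > 00:1a:73:3f:7a:9d, ethertype IPv4 (0x0800), length 60: 192.168.0.23.445 > 192.168.0.194.50211: Flags [.], ack 1, win 501, length 0
13:46:08.000100 00:03:6f:e1:5b:21 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.0.194 tell 192.168.0.1, length 28
13:46:08.000900 00:1a:73:3f:7a:9d > 00:03:6f:e1:5b:21, ethertype ARP (0x0806), length 42: Reply 192.168.0.194 is-at 00:1a:73:3f:7a:9d, length 28
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Link-layer part of a `tcpdump -e` line: timestamp, src MAC > dst MAC, ethertype, length.
FRAME_RE = re.compile(r"^\S+\s+(?P<smac>" + MAC + r")\s+>\s+(?P<dmac>" + MAC +
                      r"),\s+ethertype\s+(?P<type>\w+)\s+\(0x[0-9a-f]+\),\s+length\s+\d+:\s+(?P<rest>.*)$")
# IPv4 payload header: "sip[.port] > dip[.port]:" (port is absent for ICMP).
IP_PAIR_RE = re.compile(r"^(?P<sip>" + IPV4 + r")(?:\.\d+)?\s+>\s+(?P<dip>" + IPV4 + r")(?:\.\d+)?:")
ARP_REQ_RE = re.compile(r"Request who-has (?P<target>" + IPV4 + r") tell (?P<sender>" + IPV4 + r")")
ARP_REP_RE = re.compile(r"Reply (?P<ip>" + IPV4 + r") is-at (?P<mac>" + MAC + r")")


def is_unicast(mac):
    """Broadcast/multicast MACs have the low bit of the first octet set; skip them."""
    return int(mac[:2], 16) & 1 == 0


def parse_capture(text):
    """Return (ip_seen, arp_bound): IPs carried in IPv4 frames to/from each MAC,
    and IPs each MAC claims for itself in ARP (sender of a request, is-at of a reply)."""
    ip_seen, arp_bound = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        smac, dmac, etype, rest = m.group("smac", "dmac", "type", "rest")
        if etype == "IPv4":
            p = IP_PAIR_RE.match(rest)
            if p:
                ip_seen[smac].add(p["sip"])
                ip_seen[dmac].add(p["dip"])
        elif etype == "ARP":
            r = ARP_REQ_RE.search(rest)
            if r:
                arp_bound[smac].add(r["sender"])
            r = ARP_REP_RE.search(rest)
            if r:
                arp_bound[r["mac"]].add(r["ip"])
    return ip_seen, arp_bound


def guess_subnet(ips):
    """Smallest network containing every address. The real netmask can only be
    this long or shorter (a wider network), never longer."""
    ints = [int(IPv4Address(ip)) for ip in ips]
    if not ints:
        return None
    prefix = 32
    while prefix > 0 and len({i >> (32 - prefix) for i in ints}) > 1:
        prefix -= 1
    return str(IPv4Network(((ints[0] >> (32 - prefix)) << (32 - prefix), prefix)))


def analyse(text):
    """Hosts: unicast MACs seen with exactly one IP. Gateway (assumed heuristic):
    the MAC seen with the most distinct IPs, since it forwards for off-subnet peers.
    Its own IP is only known if it appeared in an ARP packet."""
    ip_seen, arp_bound = parse_capture(text)
    hosts, gateway_mac = {}, None
    for mac, ips in ip_seen.items():
        if not is_unicast(mac):
            continue
        if len(ips) == 1:
            hosts[mac] = next(iter(ips))
        elif gateway_mac is None or len(ips) > len(ip_seen[gateway_mac]):
            gateway_mac = mac
    gateway_ip = sorted(arp_bound[gateway_mac])[0] if gateway_mac in arp_bound else None
    known = list(hosts.values()) + ([gateway_ip] if gateway_ip else [])
    return {"hosts": hosts, "gateway_mac": gateway_mac,
            "gateway_ip": gateway_ip, "subnet_guess": guess_subnet(known)}


if __name__ == "__main__":
    print(json.dumps(analyse(SAMPLE), indent=2))
```

Feed it a real capture with `tcpdump -nnei eth1 -c 500 > cap.txt` and `analyse(open("cap.txt").read())`. The subnet guess is a lower bound on the network size: two hosts in 192.168.0.x only prove the mask is /24 or wider, which is exactly the gap an ARP scan of the guessed range then closes.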