User Tools

Site Tools


This is an old revision of the document!

Finding IP addresses

Let's assume you must work in a network but they forgot to tell you the ip address range.

Passive sniffing

  • Simply use tcpdump, wireshark or any sniffer that displays the IP addresses of existing packets.
  • Eg:
# tcpdump -nnei eth1
13:46:05.577596 00:1a:73:3f:7a:9d > 00:03:6f:e1:5b:21, ethertype IPv4 (0x0800), length 74: >  5597+ A? (32)
13:46:05.676650 00:03:6f:e1:5b:21 > 00:1a:73:3f:7a:9d, ethertype IPv4 (0x0800), length 142: > 94.33387:  5597 4/0/0 ...

In this example, is a host in the network, and 00:03:6f:e1:5b:21 is the mac address of the gateway. We don't know the ip address of the gateway yet, that would probably require waiting for an arp packet, or try guess it, or active scan.

DHCP discovery

  • If DHCP is enabled on the network, use a dhcp client or a fast discovery tool like DHD.

Active scan

  • Use a fast ARP scanner like netdiscover, or a multipurpose one like nmap, ettercap, etc.
find_ip.1203252696.txt.gz · Last modified: 2008/02/17 13:51 by latinsud