Network without DHCP server

[imported_Deathray]

Passive monitoring. Usually within about 5 minutes of monitoring you can observe everything you need to determine all those things.

But is that possible on a switch?

OOPS, I read too fast. We are talking about wireless. Forget what I said about mac flooding :P

[Thorn]

But is that possible on a switch?

OOPS, I read too fast. We are talking about wireless. Forget what I said about mac flooding :P

Yes, even wired, and even on a switched network. There are several options:
1) Use the span port built into many switches.
2) "Hub out" a machine or even a whole segment.
3) Throw a tap on a machine/segment.

Some of it depends on how open or stealthy you are, and what you have access to as far as wiring closets, etc. Even just "hubbing" or tapping a single machine will usually get you enough information to get the IP range, GW, and DNS info.

[streaker69]

Yes, even wired, and even on a switched network. There are several options:
1) Use the span port built into many switches.
2) "Hub out" a machine or even a whole segment.
3) Throw a tap on a machine/segment.

Some of it depends on how open or stealthy you are, and what you have access to as far as wiring closets, etc. Even just "hubbing" or tapping a single machine will usually get you enough information to get the IP range, GW, and DNS info.

You forgot what we were talking about last week.

Develop an Inductively Coupled Passive Tap, (ICPT), and monitor the traffic.

[theprez98]

But is that possible on a switch?

ARP Poisoning

[freebsd_man]

Passive monitoring. Usually within about 5 minutes of monitoring you can observe everything you need to determine all those things. Of course, you do need to have prior knowledge of TCP/IP to understand what you are looking at. If you do have that knowledge though, those settings are easy to figure out.

if I understand you correctly this mean that i can get ip and gw from captured frame actually without connection to network I'm looking for ? just raw monitoring and then appropriate packet analyzer ?

[imported_=Tron=]

if I understand you correctly this mean that i can get ip and gw from captured frame actually without connection to network I'm looking for ? just raw monitoring and then appropriate packet analyzer ?

Exactly, you can try this yourself with wireshark if you have a second device that can act as the client on your AP. Simply use Wireshark to examine the packets that are transmitted and you should easily find all the information you need.

[imported_Deathray]

ARP Poisoning

But how will you ARP poison when you don't know the IP of the default gateway? Then you can't trick the targets to use the attacker as the GW.

[Thorn]

if I understand you correctly this mean that i can get ip and gw from captured frame actually without connection to network I'm looking for ? just raw monitoring and then appropriate packet analyzer ?

Yes, essentially that's it. That, and the big packet analyzer located between your ears.

[carboncopy]

Someone correct me if I am wrong, but I believe it can be done with Kismet.

[Thorn]

Someone correct me if I am wrong, but I believe it can be done with Kismet.

Not exactly. Kismet will capture the packets, and may display an IP address, but that's about it. For full analysis you'll need to look at the captures with a packet analyzer.