Thread: IP range with DHCP disabled

  1. #1
    InMyMind
    Guest

    IP range with DHCP disabled

    What tool can you recommend to sniff and discover an IP range in the network (open or protected) when DHCP is disabled? To then manually set up the interface.

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by InMyMind View Post
    What tool can you recommend to sniff and discover an IP range in the network (open or protected) when DHCP is disabled? To then manually set up the interface.
    This is a joke, right? I mean, you're not really asking this, you're just testing us?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Junior Member
    Join Date
    May 2009
    Posts
    42

    Quote Originally Posted by streaker69 View Post
    This is a joke, right? I mean, you're not really asking this, you're just testing us?
    I must admit I can't answer, it's not a situation I've ever experimented with. I usually like a static IP as you don't show up on DHCP client lists to the network admin on a lot of routers etc., but I connect the first time using DHCP, note the gateway, subnet mask etc. and then disconnect and reconnect requesting a static IP.
    If DHCP were disabled I guess I'd try a social engineering type attack like trying some kind of email trojan or draw a network user to a malicious web page and try to discover the info needed to get a static address. I'd be interested in anyone's advice on this.

  4. #4
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Open up Wireshark and just listen to the traffic, you'll see addresses such as 192.168.1.15 or whatever. Then just set your own IP address in that range. Add the default gateway. Here's a guide on how to set that stuff:

    Linux Internet Connection - Virjacode

    To get a list of all IP addresses detected on a network, along with a list of the MAC addresses they're assigned to, you can use a program called Internet Prober in Passive Mode:

    Internet Prober - Virjacode
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  5. #5
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    9

    You could also try using nmap assuming there are clients connected to the network.

    Class C example:
    Code:
    nmap -sP 192.168.0.0/24
    If anything, this will at least tell you what IP the gateway is at and you can generally guesstimate from there since it's right next to the network or broadcast address the majority of the time.

  6. #6
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    3

    As far as I know the best tool to discover IP ranges / subnets (especially in wired networks or in wifi networks without traffic) is netdiscover (1st result on Google).

    Nmap is ok but if you send arp requests (automatically used with -sP in ethernet networks) with a source IP address that is not part of the subnet, target systems discard them. So you should anytime change your IP address and launch nmap again for the new subnet... and this will take too long for a class like 10.*.*.*.

    Netdiscover automatically sends ARP requests with an IP source address belonging to the target subnet you are scanning for systems, so you only have to sit down and wait.
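
From the network owner's side, the ARP sweeps described in posts #5 and #6 are easy to spot in a capture: one MAC asks for many different target IPs in a short time, often changing its claimed sender IP per subnet. The following is an added example, not code from any poster or tool in this thread; the function names, thresholds and the sample frames are all constructed for illustration.

```python
import ipaddress, struct
from collections import defaultdict

def parse_arp(payload):
    """Decode a 28-byte Ethernet/IPv4 ARP payload; None for anything else."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return oper, sha.hex(":"), ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)

def find_sweepers(frames, window=10.0, min_targets=20):
    """frames: (timestamp, arp_payload) pairs. Flags MACs that ask for many
    distinct target IPs inside one time window and lists the sender IPs used."""
    seen = defaultdict(list)                  # mac -> [(ts, sender_ip, target_ip)]
    for ts, payload in frames:
        arp = parse_arp(payload)
        if arp and arp[0] == 1:               # opcode 1 = who-has request
            seen[arp[1]].append((ts, arp[2], arp[3]))
    findings = {}
    for mac, reqs in seen.items():
        reqs.sort(key=lambda r: r[0])
        best = start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            best = max(best, len({r[2] for r in reqs[start:end + 1]}))
        if best >= min_targets:
            findings[mac] = {"max_targets_in_window": best,
                             "sender_ips": sorted({str(r[1]) for r in reqs})}
    return findings

def _req(mac, sender, target):                # build one constructed ARP request
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                       bytes.fromhex(mac.replace(":", "")),
                       ipaddress.IPv4Address(sender).packed, bytes(6),
                       ipaddress.IPv4Address(target).packed)

def sample_frames():
    """Constructed capture: one sweeping host (two subnets) and one normal host."""
    sweep, normal = "02:00:00:00:00:aa", "02:00:00:00:00:bb"
    frames = [(i * 0.1, _req(sweep, "192.168.0.200", f"192.168.0.{i + 1}")) for i in range(40)]
    frames += [(5 + i * 0.1, _req(sweep, "10.0.0.200", f"10.0.0.{i + 1}")) for i in range(40)]
    frames += [(1.0, _req(normal, "192.168.0.15", "192.168.0.1")),
               (30.0, _req(normal, "192.168.0.15", "192.168.0.20"))]
    return frames

if __name__ == "__main__":
    for mac, info in find_sweepers(sample_frames()).items():
        print(mac, info)
```

A MAC that appears with sender IPs in more than one subnet, as the constructed sweeper does here, is a stronger signal than request volume alone.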

  7. #7
    Member PeppersGhost's Avatar
    Join Date
    Jan 2008
    Posts
    204

    Do you mean without getting caught? Then as Virchanza said, Wireshark, in passive mode mind you. If you want flat out loud and speedy, I like nbtscan (nbtscan - NETBIOS nameserver scanner), which allows you to specify a prefix. To each his own.

    Oh my bad, this is in wireless.
    <EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>
