Alternative to ping non existent ip

[shamanvirtuel]

we all know that pinging a non existent ip on the same network that we are sniffing will produce an arp request, that's weird, but it's true

it's useful for the -3 attack, when you are sniffing your own network & when you don't want waiting an arp coming

go on an other computer connected top this network(or a 2nd card in your laptop .....) and do the ping

i find another method that some of you must know but i want to share with those who don't know it....

the nemesis arp method

on the other computer (or same if 2 cards in laptop & connected to net)
nemesis arp -S 192.168.1.1 -D 255.255.255.255

-v verbose -S source ip IP of AP
-D destination (broadcast)

that will release one or 2 arp by broadcasting an arp request on the network you immediatly see airodump catching the 2 new arp

BEFORE
CH 10 ][ Elapsed: 8 mins ][ 2007-08-12 04:14

BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ES

00:1A:6B:04:9E:2F 110 100 4716 246 0 10 54 WEP WEP L

BSSID STATION PWR Rate Lost Packets Probes



AFTER
CH 10 ][ Elapsed: 8 mins ][ 2007-08-12 04:15

BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ES

00:1A:6B:04:9E:2F 110 100 4743 248 0 10 54 WEP WEP L

BSSID STATION PWR Rate Lost Packets Probes

00:1A:6B:04:9E:2F 00:1B:77:32:4E:EF 116 24-54 0 8

i think it's a 100 % work versus ping method wich may not work sometimes

hope you enjoy this little trick

[freemymind]

I was one who did not know this. Thanks for posting it shamanvirtuel.

I will defently give this a try on my network once I
a) Unbrick my wrt54g
b) get a new AP

heh oh well plenty of reading to do while its borked.

[punkrokk]

Nice post, that makes sense but I might not have thought to try that...

[shamanvirtuel]

it's also more logic than pinging a non existant ip.....
which is really weird no ?

[punkrokk]

The first thing I thought of was the old trick of putting a static IP in your arp table to get your laptop to connect to a system you know the MAC but not the IP in a large remote network. Not exactly the same, but a clever trick/way to use the tech, like yours

[theprez98]

it's also more logic than pinging a non existant ip.....
which is really weird no ?

I don't think its weird at all. Open up a new console, ping 192.168.1.### and you're off. It's simple.

[shamanvirtuel]

i mean i don't understand why the fact pinging such of ips, make an arp broadcast in the network....

if you can explain why logically it happens when we ping a non existent ip, i would very happy.....

[punkrokk]

Well, in order to do a ping, you need to do an arp because when you are pinging on your local network, you first need to do an arp request to find out the MAC address of the node you are trying to ping. (MAC layer, layer 2)

So when you ping, you actually send out a Layer 2/MAC broadcast to FF:FF:FF:FF:FF:FF asking who has 192.168.0.1 and you'll see in a packet capture that you'll see a reply if someone has it. (Like AB:CD:EF:12:34:56 has 192.168.0.1) This is the layer 2 part of a ping, IF you are in the same broadcast domain [I'm pretty sure you are if you are on a specific BSSID on an access point.] as the IP you are trying to find. If you are on a different subnet/broadcast domain, then arp entry for a remote IP is the mac address of your router.

Now because this (the ping) is happening at the network layer it would be nice to see what happening one layer below that, at the MAC layer. For this we can use the arp command.

You can do an info on arp to see what options you have.

If you do an arp -a this will show you the full arp table.

If you don't see the MAC address of the workstation that you are trying to ping in arp table then will never be able to ping that MAC address. (Unless you put a static entry in)

HTH if the above is confusing, here's a good starting point...http://www.linux.com/articles/50596 there is a good link to an overview of ARP in networking that explains why you can't have IPs without ARP...