Moving to general IT
I plugged my computer to a network that has some clients connected to it with manually assigned IPs, but no DHCP server at all.
My PC kept sending DHCP DISCOVER packets with no reply, ended up with an APIPA address and became isolated because of the different subnets.
== My Question ==
Is there a way to determine the manually assigned IPs and the subnets of the clients of a network that has no DHCP server on it? This sounds simple but it's driving me nuts.
== My tries ==
Actually assigning myself manually all the class A,B and C private subnets one by one then scanning my subnet for live hosts will be a little bit time consuming ...
I tried something to automatically scan the available private subnets, but it turned out to be stupid and thus not working:
I gave myself a class C IP 192.168.0.2, then assigned myself a class B subnet 255.255.0.0, then scanned my subnet with nmap. It went through 18.104.22.168 to 192.168.254.254 ("192.168.0.0/16"), but then I realized that even if my ping request reached a host (192.168.166.24, for example), the reply won't reach me because I'm not on HIS subnet. Am I right? Please enlighten me on this.
Another theory was to write a program that automatically changes my IP to all the private subnets one by one and scans each subnet before moving to the next. Since I'm not a programming guru, I was unable to do this by myself.
And by the way, all those helpful people out there who will angrily ask me to obtain the IP data from an already connected client, thanks a lot. I posted this to find an automated way that doesn't require bothering the already connected people.
Thanks in advance
How about promisc mode and listening for any new broadcasts? You may have to wait for a new PC to join the network. Not sure, just a guess.
Social engineering seems like the best solution.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
OK, let me re-tell my story in a way that will be easier to understand:
My friend gave me a pre-shared key for a network that I'm sure has clients. When I connect to the network, I get APIPA because of the absence of a DHCP server, and can't even know what the subnet and the IPs of the already connected clients are to start - let's say - sharing files with them or whatever.
I couldn't find a way to get the IP without sitting on one of the connected clients and taking the info from it.
Is there a way?
I mean, if it's not going to be easy, this can be a considerable addition to the security of a small network with an AP: "no DHCP, manually assign IPs".
Does snort capture the whole negotiation packets until I can extract the IP of the newly joined client from a packet, or will it stop at link layer broadcasts because TCP broadcasts won't reach me because of the different subnets?
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
This thread is making me see red wavy things as well. You had better explain yourself a little better. When people start talking about "my friends" and "my neighbor" said it was cool, my finger starts to navigate towards the BAN button.