
Thread: How to determine or scan the manually assigned IPs if there's no DHCP server

  1. #1
    Junior Member
    Join Date: Jan 2010
    Posts: 31

    I plugged my computer into a network that has some clients connected to it with manually assigned IPs, but no DHCP server at all.
    My PC kept sending DHCP DISCOVER packets with no reply and ended with APIPA and became isolated because of the different subnets.

    == My Question ==
    Is there a way to determine the manually assigned IPs and the subnets of the clients of a network that has no DHCP server on it? This sounds simple but it's driving me nuts.

    == My tries ==
    Actually assigning myself manually all the class A, B and C private subnets one by one then scanning my subnet for live hosts will be a little bit time consuming ...

    I tried something to automatically scan the available private subnets but it turned out to be stupid and thus not working:
    I gave myself a class C IP 192.168.0.2 then assigned myself a class B subnet 255.255.0.0, then scanned my subnet with nmap. It went through 196.168.0.0 to 192.168.254.254 "192.168.0.0/16", but then I realized that even if my ping request reached a host, "192.168.166.24 for example", the reply won't reach me because I'm not on HIS subnet. Am I right? Please enlighten me on this.

    Another theory was to write a program that automatically changes my IP to all the private subnets one by one and scans each subnet before moving to the next. Since I'm not a programming guru I was unable to do this by myself.

    And by the way, all those helpful ppl out there that will angrily ask me to obtain the IP data from an already connected client, thanks a lot, I posted this to find an automated way that doesn't require bothering the already connected ppl.

    Thanks in advance

  2. #2
    Developer
    Join Date: Mar 2007
    Posts: 6,126

    Moving to general IT

  3. #3
    Jenkem Addict imported_wyze
    Join Date: Jul 2007
    Posts: 1,543

    Quote: Originally Posted by SherifEldeeb
    ...then scanned my subnet with nmap. It went through 196.168.0.0 to 192.168.254.254 "192.168.0.0/16", but then I realized that even if my ping request reached a host, "192.168.166.24 for example", the reply won't reach me because I'm not on HIS subnet. Am I right? Please enlighten me on this.
    What kind of network is this?
    dd if=/dev/swc666 of=/dev/wyze

  4. #4
    Member
    Join Date: Nov 2007
    Posts: 220

    How about promisc mode and listen for any new broadcasts? You may have to wait for a new PC to join network, not sure just a guess
    wtf?

  5. #5
    My life is this forum thorin
    Join Date: Jan 2010
    Posts: 2,629

    Social engineering seems like the best solution.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Junior Member
    Join Date: Jan 2010
    Posts: 31

    Quote: Originally Posted by swc666
    What kind of network is this?
    Sorry for not being clear enough.

    O.k, let me re-tell my story in a way that will be better to understand:

    My friend gave me a Pre-shared key for a network that I'm sure it has clients, when I connect to the network, I get APIPA because of the absence of DHCP server and can't even know what's the subnet and the IPs of the already connected clients to start - let's say - sharing files with them or whatever.

    I couldn't find a way to get the IP without sitting on one of the connected clients and taking the info from it.

    Is there a way?

    I mean if it's going to be not easy, this can be a considerable addition to security of a small network with an AP "no DHCP, manually assign IPs".

  7. #7
    Junior Member
    Join Date: Jan 2010
    Posts: 31

    Quote: Originally Posted by Andy90
    How about promisc mode and listen for any new broadcasts? You may have to wait for a new PC to join network, not sure just a guess
    Will this be efficient in a switched environment?

    Does snort capture the whole negotiation packets till I can extract the IP of the newly joined client from a packet, or will it stop at link layer broadcasts because TCP broadcasts won't reach me because of the different subnets?

  8. #8
    Senior Member streaker69
    Join Date: Jan 2010
    Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts: 3,535

    Quote: Originally Posted by SherifEldeeb
    Sorry for not being clear enough.

    O.k, let me re-tell my story in a way that will be better to understand:

    My friend gave me a Pre-shared key for a network that I'm sure it has clients, when I connect to the network, I get APIPA because of the absence of DHCP server and can't even know what's the subnet and the IPs of the already connected clients to start - let's say - sharing files with them or whatever.

    I couldn't find a way to get the IP without sitting on one of the connected clients and taking the info from it.

    Is there a way?

    I mean if it's going to be not easy, this can be a considerable addition to security of a small network with an AP "no DHCP, manually assign IPs".


    Dunno, this image just popped into my head.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #9
    Member
    Join Date: Nov 2007
    Posts: 220

    @streaker - rofl


    Quote: Originally Posted by SherifEldeeb
    Will this be efficient in a switched environment?

    Does snort capture the whole negotiation packets till I can extract the IP of the newly joined client from a packet, or will it stop at link layer broadcasts because TCP broadcasts won't reach me because of the different subnets?
    If I'm right (if), then a switched environment yes, a routed environment no (well a bit but depends on the network design).
    wtf?

  10. #10
    Developer
    Join Date: Mar 2007
    Posts: 6,126

    This thread is making me see red wavy things as well. You had better explain yourself a little better. When people start talking about "my friends" and "my neighbor" said it was cool, my finger starts to navigate towards the BAN button.
