How do you find out the IP of an unknown device?

20 replies to this topic

#16 OP +riahc3

riahc3

    Neowin's most indecisive member

  • Tech Issues Solved: 11
  • Joined: 09-April 03
  • Location: Spain
  • OS: Windows 7
  • Phone: HTC Desire Z

Posted 13 March 2014 - 13:43

Hello,

That was used as an example from when I KNOW a device is on my network. When I confirm it isn't, I guess the best method is using Wireshark and seeing ARP broadcasts, from what most of you comment :)

Correct?

My apologies for not making clear the point of this thread.
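
The passive ARP approach mentioned in this post, as an added example that is not part of the thread: it parses raw Ethernet frames (as a sniffer would hand them over) and lists the IPs used by MACs missing from an inventory. The frames, MAC addresses, IPs and the `KNOWN_MACS` inventory are constructed sample values.

```python
import socket
import struct

def build_arp(sha, spa, tpa, oper=1):
    """Build a broadcast ARP frame; used only to construct sample input."""
    mac = bytes.fromhex(sha.replace(":", ""))
    eth = b"\xff" * 6 + mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + mac + socket.inet_aton(spa) + b"\x00" * 6 + socket.inet_aton(tpa)

def parse_arp(frame):
    """Return sender MAC/IP from an untagged Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None  # too short or not ARP (VLAN-tagged frames are skipped)
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet/IPv4 ARP is handled
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    spa = socket.inet_ntoa(frame[28:32])
    tpa = socket.inet_ntoa(frame[38:42])
    # An ARP probe (RFC 5227) has sender IP 0.0.0.0; the address the device
    # is about to claim is in the target field.
    probe = spa == "0.0.0.0"
    return {"mac": mac, "ip": tpa if probe else spa, "probe": probe}

def unknown_senders(frames, known_macs):
    """Map each MAC not in the inventory to the set of IPs it was seen using."""
    seen = {}
    for frame in frames:
        rec = parse_arp(frame)
        if rec and rec["mac"] not in known_macs:
            seen.setdefault(rec["mac"], set()).add(rec["ip"])
    return seen

KNOWN_MACS = {"00:1a:2b:3c:4d:5e"}  # hypothetical inventory
# Constructed frames: a known PC, then an unknown device probing and ARPing
# for its gateway, plus one non-ARP frame that must be ignored.
SAMPLE_FRAMES = [
    build_arp("00:1a:2b:3c:4d:5e", "192.168.1.20", "192.168.1.1"),
    build_arp("02:00:5e:10:20:30", "0.0.0.0", "192.168.1.37"),
    build_arp("02:00:5e:10:20:30", "192.168.1.37", "192.168.1.1"),
    b"\xff" * 12 + b"\x08\x00" + b"\x00" * 28,
]
```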


#17 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 23
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 13 March 2014 - 14:42

I would use Angry IP.  If it is a device on your network you could narrow it down very quickly as to what it is.  Within a few minutes I can find out what the IP is of any random device, being that I usually know what subnet or range it is in.  255 or so addresses isn't a lot, esp. if you have your network set up right and can see which are Windows devices (they resolve to a name) vs non-Windows devices (they don't resolve or resolve with a strange unknown name that isn't part of your deployment).  I am sorry that you don't like scanning like that, but within minutes or seconds you can easily determine the information you are trying to get, if all you are after is an IP address.  If you need a bit more information then sure, Wireshark, but that would require you to have the equipment to use Wireshark properly (either a managed layer switch that you can enable a mirror port on, or an in-the-middle device where you see all traffic on the network).  Many deployments do not have layer 3 switching, so relying on Wireshark to get your answers on every network you encounter is foolish; you would need to expand your toolset.



#18 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 85
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 13 March 2014 - 15:56   Best Answer

While I agree that all networks are different and one tool might not be the best for a specific network, if it's a device you have your hands on you can always connect your laptop to the interface to sniff what it's sending.  But sure, if you don't know where the device is in the DC and it's only unmanaged switches, you can have issues tracking something down for sure.

More than happy to discuss all the different ways that you could find an IP from a device in lots of different scenarios - since depending on the situation, different methodologies and/or tools may be leveraged for the best way to get the information you're seeking.

If you know it's DHCP, I would just look to DHCP leases - especially if you know the MAC from the outside of the device, for example, or it's unique hardware so you would notice it from the first 3 of the MAC per a vendor lookup, or that it's different from all your other DHCP clients. Or you can boot it and see the timestamp on the lease and rule out your known devices, etc.

If it's something you bought off eBay or got 2nd hand and cannot reset or console in, then I would connect it on an isolated network (say a laptop only with sniffer) and find its IP and then try to access the interface from that IP, etc.  Or run a DHCP server on your laptop to give it an IP.  I would be hesitant to just connect some 2nd hand device to a production type network without first looking at its config or reset, etc.

Scanners can come in very handy in mapping out a network when you don't have access to managed switches or devices are quiet - some will send out more noise than others, and on a busy network sometimes there can be a lot of noise to go through if you're just looking for devices on the network.  Some devices might not even respond to a ping sweep though, and looking at traffic might be required to catch when they ARP for, say, their gateway IP, etc.

There are many variables that could come into play; every situation could be vastly different.
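
The DHCP-lease triage described in this post (unknown MAC, odd vendor prefix, lease timestamp), as an added example that is not part of the thread. It assumes an ISC dhcpd-style lease file; the lease entries, MAC addresses and the `KNOWN_MACS` inventory are constructed sample values.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in ISC dhcpd.leases syntax (not data from the thread).
SAMPLE_LEASES = """
lease 192.168.1.20 { starts 3 2014/03/12 09:02:11;
  hardware ethernet 00:1a:2b:3c:4d:5e; client-hostname "office-pc"; }
lease 192.168.1.20 { starts 4 2014/03/13 09:02:11;
  hardware ethernet 00:1a:2b:3c:4d:5e; client-hostname "office-pc"; }
lease 192.168.1.21 { starts 4 2014/03/13 08:55:40;
  hardware ethernet 00:1A:2B:AA:BB:CC; client-hostname "office-laptop"; }
lease 192.168.1.37 { starts 4 2014/03/13 15:41:07;
  hardware ethernet 02:00:5e:10:20:30; }
"""
KNOWN_MACS = {"00:1a:2b:3c:4d:5e", "00:1a:2b:aa:bb:cc"}  # hypothetical inventory

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]{17});")
START_RE = re.compile(r"starts\s+\d\s+(\S+ \S+);")
NAME_RE = re.compile(r'client-hostname\s+"([^"]*)";')

def parse_leases(text):
    """Return one record per MAC; the file is append-only, so the last entry wins."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        mac, start, name = MAC_RE.search(body), START_RE.search(body), NAME_RE.search(body)
        if not (mac and start):
            continue  # skip entries without a MAC or a start time
        addr = mac.group(1).lower()
        latest[addr] = {
            "ip": ip, "mac": addr, "oui": addr[:8],
            "starts": datetime.strptime(start.group(1), "%Y/%m/%d %H:%M:%S"),
            "hostname": name.group(1) if name else None,
        }
    return list(latest.values())

def unknown_leases(leases, known_macs, not_before=None):
    """Leases whose MAC is not in the inventory, newest first.
    not_before: keep only leases issued at or after the device was powered on."""
    hits = [l for l in leases if l["mac"] not in known_macs
            and (not_before is None or l["starts"] >= not_before)]
    return sorted(hits, key=lambda l: l["starts"], reverse=True)

def rare_ouis(leases):
    """Leases whose vendor prefix (first 3 MAC bytes) appears only once."""
    counts = Counter(l["oui"] for l in leases)
    return [l for l in leases if counts[l["oui"]] == 1]
```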



#19 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 23
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 13 March 2014 - 16:12

That depends on the ping sweep.  Angry IP doesn't only work on echo requests.



#20 OP +riahc3

riahc3

    Neowin's most indecisive member

  • Tech Issues Solved: 11
  • Joined: 09-April 03
  • Location: Spain
  • OS: Windows 7
  • Phone: HTC Desire Z

Posted 13 March 2014 - 17:58

Hello,

While I agree that all networks are different and one tool might not be the best for a specific network, if it's a device you have your hands on you can always connect your laptop to the interface to sniff what it's sending.  But sure, if you don't know where the device is in the DC and it's only unmanaged switches, you can have issues tracking something down for sure.

More than happy to discuss all the different ways that you could find an IP from a device in lots of different scenarios - since depending on the situation, different methodologies and/or tools may be leveraged for the best way to get the information you're seeking.

If you know it's DHCP, I would just look to DHCP leases - especially if you know the MAC from the outside of the device, for example, or it's unique hardware so you would notice it from the first 3 of the MAC per a vendor lookup, or that it's different from all your other DHCP clients. Or you can boot it and see the timestamp on the lease and rule out your known devices, etc.

If it's something you bought off eBay or got 2nd hand and cannot reset or console in, then I would connect it on an isolated network (say a laptop only with sniffer) and find its IP and then try to access the interface from that IP, etc.  Or run a DHCP server on your laptop to give it an IP.  I would be hesitant to just connect some 2nd hand device to a production type network without first looking at its config or reset, etc.

Scanners can come in very handy in mapping out a network when you don't have access to managed switches or devices are quiet - some will send out more noise than others, and on a busy network sometimes there can be a lot of noise to go through if you're just looking for devices on the network.  Some devices might not even respond to a ping sweep though, and looking at traffic might be required to catch when they ARP for, say, their gateway IP, etc.

There are many variables that could come into play; every situation could be vastly different.

Exact answer I was looking for (in someone's reply)

You gave a general reply of the possible ways in most scenarios.

Thanks

#21 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 85
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 13 March 2014 - 18:08

That depends on the ping sweep.  Angry IP doesn't only work on echo requests.

Very true, there are other methods of using ICMP to discover information about a device vs just echo reply.




