How to find unknown static IP on unknown sub net ?? Wireshark ??

antsrealm

Member
A
Join Date
Dec 2010
Location
Brisbane
Posts
207
Hi,

I have a device that has a static IP that is unknown on an unknown subnet. How can I find this IP using my laptop. I tried using wireshark directly connected to the device but because it is on another IP range I don't see the traffic.

I have since got this device working but I would like to know for future cases how you can find an IP in this situation. Is there a way to discover a device with an unknown static IP ?

Thanks,
Tony.
 
Ok, that's great. What would be the recommended settings in AngryIP to scan all possible IP's and how long would that roughly take to scan?

Thanks.
 
Having your PC on a different subnet will not limit your ability to possibly identify the unknown IP address. You are looking for ARP packets, generally, and the ones that are ARP requests or gratuitous are particularly useful for this, and they are sent as layer 2 broadcast so you will see them, no matter the IP range.

The issue with the Wireshark method is that it requires the unknown device to send these packets; many do: at startup for IP conflict detection and then sometimes periodically for continued probing. However, not all devices do this.

Sometimes you might get lucky and the device tries to discover it's default gateway, or maybe a DNS server, or even an NTP server, so will issue an ARP request for those IPs. These packets will provide information that you need too.

This assumes the device has a static IP. If it is configured for DHCP or BOOTP, that's a big help. Wireshark will show you those requests - in which case then setup a suitable server to provide the IP and then you would know what it is.

More advanced devices like routers and managed switches often send discovery packets (such as Cisco Discovery Protocol, or CDP, and others) that may contain the IP address in the data that is broadcast/multicast on the wire so inspection of the data in these packets sometimes yield useful information.

Your best chance with this method is to plug the unknown device and your test pc into a switch - just these - and power cycle the unknown device.

IP scanners are great - I personally use nmap or zenmap - but I only use if I know the subnet. I suppose it's possible to scan all possible IP address ranges but I suspect that may take hours/days/weeks? Would never consider it so don't know how long. If you got this route, suggest you assume the unknown device has a private IP address consistent with RFC 1918. This assumption will cut your search space down significantly. Of course it may be an incorrect assumption; you have to evaluate how valid it might be. It's where I would start 100% of the time, unless the device is directly attached to the Internet, and it's possible that the enterprise has been allocated real IPs.
 
Yeah thanks. I actually did what you suggested. In my case the device did send a DHCP discovery packet so I hooked up a switch and got the IP that way. But I was left wondering if I wasn't that lucky and it was static how would I find it, hence my post.

This device is vision system camera and the network port is purely used for commissioning and is not normally connected. Meaning the IP could be anything... So I am left to figure out what it is. Assuming I have no other info and I have to scan for it then I assume I have to scan all possible IP's... and that looks like it would take a while.
 
This is not a Cognex In-Sight camera by any chance? For those, there is a method of connecting using MAC address (which is printed on the nameplate) so the IP address can be reset.
 
If it is connected to a managed switch you should be able to get it's MAC address from the switch's MAC table which might also show you it's IP address.

OG
 
No it's a baumer verisens camera. But I did connect to the camera using a managed switch in the end. I just wanted to know how I could do it if that failed. AngryIP looks good.

Thanks everyone.
 
By my understanding, it would be 256*256*256*256, so 4,294,967,296. How many of those are actually legal addresses depends entirely on how the subnet masks are set up, and there are a number of areas that are theoretically reserved for specific purposes.

Note that if you try to ping all addresses between 0.0.0.0 and 255.255.255.255, you might have to change your subnet mask before you do so, or do it in sections, otherwise the packets won't get anywhere. Unless the tool automatically changes this for you, you will only be able to address the IP addresses within the subnet your ethernet card is assigned.
 

Similar Topics

S
How do i find unknown plc ip address
Dear all, we have allen breadly plc compactlogix L32.i dont know the ip address of this plc.so i could not get communication with plc...
Replies
10
Views
21,321
Saudi jamal
S
S
How do I find an unknown IP address?
Hello all, So the company I'm with just got the RSLogix 5000 software so I can make some changes to an existing machine. The Machine is running...
Replies
7
Views
17,585
geniusintraining
geniusintraining
P
Where to find TSB's for Rockwell Products?
Hi All, Wondering if anyone has a source for information about products with problematic production runs from allen bradley/rockwell. Ive seen...
Replies
2
Views
122
patrickmoneyy
P
S
Hi , Where i can find Mitsubishi PLC Card end of line & replacement model details. i am looking for Q02CPU replacement model. Please advice. thanks
Hi , Where i can find Mitsubishi PLC Card end of line & replacement model details. i am looking for Q02CPU replacement model. Please advice. thanks
Replies
2
Views
143
Sundar4163
S
S
Can Not Find Tag
I have tested every screen and no single screen individually has this fault pop up, but when I compile and send to the PanelView it comes up. If I...
Replies
4
Views
190
CageFreeBMW
C
Back
Top Bottom