How to find unknown static IP on unknown sub net ?? Wireshark ??

robertkjonesjr said:
The issue with the Wireshark method is that it requires the unknown device to send these packets; many do: at startup for IP conflict detection and then sometimes periodically for continued probing. However, not all devices do this.
Click to expand...

Well it looks like I have a one of those "not all devices". I have a device with a static IP. When I sniff with wireshark and power the device on, I don't see anything from it's MAC vendor ID, or any ARP packets from it's IP. I know the IP. This is a product we manufacturer however it doesn't have any display or any easy means to reset the IP to a default value. Meaning, I need to tell my customers how to recover Ethernet comms if someone doesn't know the IP and its been set to some crazy static IP. Our R&D dept says they may have a solution but I thought I try and take the task on myself.

What is interesting is when I plug the device into my laptop (connected via crossover cable) I do see packets that start appearing however they all seem to be FROM my laptop. I see ARP packets among others but nothing I can see with our Vendor MAC ID, or the IP address I have it currently set to. It seems like my laptop knows something has appeared on the network however I don't know how to ID it.

I am fairly new to networking so there might be a good solution I don't know about.

Any ideas? I'm thinking maybe my only option is to connect a managed switch and look at its ARP table. I looked at my PC's ARP table and don't see the device I'm trying to find.
 
Are you sure you need a cross-over cable? did you try a normal cable? a lot of devices are designed to detect if they're connected to a 'server' (say switch or hub or anything) or a 'client' (computer or other device).
if that's the case the cross-over cable doesn't work
 
phred_t said:
I'm thinking maybe my only option is to connect a managed switch and look at its ARP table. I looked at my PC's ARP table and don't see the device I'm trying to find.
Click to expand...

I doubt this will help. Any switch will have a forwarding table, which links MAC addresses to a physical port. A managed switch will likely let you look at this table and maybe even manipulate it, but note that it links a MAC to a port - there is no IP address here. You would not likely see it on your PC either unless you were communicating with it at layer 3 already, i.e. by IP address and ping or whatever. But then that is circular - if you knew the IP, you wouldn't be looking for it.

The managed switch MAY have an ARP table or cache, which links MAC addresses to IP addresses, but only if there has been some recent communications between the devices and it is addressable over Ethernet (it could be managed through serial interface only so no need for an ARP cache). This is usually populated by ARP requests and responses, and if you don't see those on the wire, why would they be on the switch? Why would your device be talking to the switch anyway? That's usually a management activity. Now a router would be more likely; this would have an ARP cache, but again only if your device needs to use the router, and is configured to do so. You should see those packets on Wireshark. Your best chance is with a mirror or monitor port.

Only other things I can offer are to try and ping to broadcast and/or all hosts multicast to see if you get a response. No guarantee, but sometimes it works. Note that this works best if you have a default GW setup on your device otherwise it can be tough to give it that kick it needs to produce a packet. See last post:

http://www.plctalk.net/qanda/showthread.php?t=97967

If you are the manufacturer, an out-of-band method to check/change IP is a really, really nice feature - e.g. serial port, or worst case, reset to factory defaults with known a IP.
 
wimpiesplc said:
Are you sure you need a cross-over cable? did you try a normal cable? a lot of devices are designed to detect if they're connected to a 'server' (say switch or hub or anything) or a 'client' (computer or other device).
if that's the case the cross-over cable doesn't work
Click to expand...

I haven't needed to worry about crossover vs straight cables in years. As long as ONE of the two devices supports Auto MDI-X (sometimes called auto sense), then you can use either kind of cable and it works just fine. It can detect whether it needs to switch its own TX/RX to match the cable and device on the other side. He might not NEED a cross over cable, but it is very unlikely to hurt his cause.


https://en.wikipedia.org/wiki/Medium-dependent_interface
 
How about this one:

Have Wireshark running connected only to the device.

PING 255.255.255.255

This will send a broadcast to every device. That's why you don't want to be on the network-at-large and flood the network!

But you should see two different responses. One from your pc and one from the device.
 
robertkjonesjr said:
Only other things I can offer are to try and ping to broadcast and/or all hosts multicast to see if you get a response. No guarantee, but sometimes it works. Note that this works best if you have a default GW setup on your device otherwise it can be tough to give it that kick it needs to produce a packet. See last post:

http://www.plctalk.net/qanda/showthread.php?t=97967
Click to expand...

Yeah my first recommendation was a reset to default button like on a home router. It doesn't sound like that is going to happen.

Any idea how to broadcast ping in windows 7? Ping 255.255.255.255 doesn't work. I googled it and there seems to be a mass a info out there without a clear way to do it. Maybe it's not possible in Win 7?
 
About a year ago, I tried a program from Germany - Paessler. It may be overkill for what you're trying to do on your network, but it is quite thorough. (and expensive).

Quick note: "It's" means "it is, or "it has".
The possessive form of "it" is "its".
His, hers, theirs, ours, yours, its.
 
Last edited:
You could try multicast ping: 224.0.0.1

Another thought: if it's not in the ARP table, what would happen if you entered it manually, giving it an IP that you know?
 
This is the domain of Linux - much more flexibility. However, fping tool (http://fping.org/fping.1.html) will allow broadcast ping from Windows 7. My results

Code: 
C:\>fping 255.255.255.255

Fast pinger version 3.00
(c) Wouter Dhondt (http://www.kwakkelflap.com)

Pinging 255.255.255.255 [255.255.255.255] with 32 bytes of data every 1000 ms:

sendto() - An attempt was made to access a socket in a way forbidden by its 
access permissions.

switching to ICMP dll
Pinging 255.255.255.255 [255.255.255.255] with 32 bytes of data every 1000 ms:

Reply[1] from 255.255.255.255: bytes=32 time=2.2 ms TTL=255
Reply[2] from 255.255.255.255: bytes=32 time=2.2 ms TTL=255

Ping statistics for 255.255.255.255:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
        Minimum = 2.2 ms, Maximum = 2.2 ms, Average = 2.2 ms
It's not that easy to find, but try here.

Here is the frame created from this exercise - note that layer 2 destination is broadcast (ff:ff:ff:ff:ff:ff) and the layer 3 destination is all hosts (255.255.255.255), and it is an echo request. If your device is on this local layer 2 domain, it will see this frame. What it does with it is anyone's guess...

BroadcastPing.jpg
 
Last edited:
mk42 said:
I haven't needed to worry about crossover vs straight cables in years. As long as ONE of the two devices supports Auto MDI-X (sometimes called auto sense), then you can use either kind of cable and it works just fine. It can detect whether it needs to switch its own TX/RX to match the cable and device on the other side. He might not NEED a cross over cable, but it is very unlikely to hurt his cause.


https://en.wikipedia.org/wiki/Medium-dependent_interface
Click to expand...

well, actually I did run into problems in some cases where you would expect the cross-over to work but it didn't... that's why I brought it up
 

Similar Topics

S
How do i find unknown plc ip address
Dear all, we have allen breadly plc compactlogix L32.i dont know the ip address of this plc.so i could not get communication with plc...
Replies
10
Views
21,546
Saudi jamal
S
S
How do I find an unknown IP address?
Hello all, So the company I'm with just got the RSLogix 5000 software so I can make some changes to an existing machine. The Machine is running...
Replies
7
Views
17,624
geniusintraining
geniusintraining
P
Where to find TSB's for Rockwell Products?
Hi All, Wondering if anyone has a source for information about products with problematic production runs from allen bradley/rockwell. Ive seen...
Replies
2
Views
176
patrickmoneyy
P
S
Hi , Where i can find Mitsubishi PLC Card end of line & replacement model details. i am looking for Q02CPU replacement model. Please advice. thanks
Hi , Where i can find Mitsubishi PLC Card end of line & replacement model details. i am looking for Q02CPU replacement model. Please advice. thanks
Replies
2
Views
203
Sundar4163
S
S
Can Not Find Tag
I have tested every screen and no single screen individually has this fault pop up, but when I compile and send to the PanelView it comes up. If I...
Replies
4
Views
209
CageFreeBMW
C
Back
Top Bottom