detect IP address of a non-accessible machine

m4rtinm4rtin Member Posts: 170
in CCNP
I have one old special-purpose device which is running Linux(kernel 2.0). While it supports monitor, I don't have compatible keyboard for this device. It has IP address configured, but I have no idea what it is. There is no documentation and I can't nmap 0.0.0.0/0 :) If I connect my laptop to Ethernet port of the device and execute "tcpdump -ni eth0" I can wait for hours and nothing appears. I guess it just doesn't send anything out. Is there a way to detect IP address in such situation? I mean is there a certain type of packet which will trigger a reply from this device?
· Share on FacebookShare on Twitter

Comments

  • poguepogue Member Posts: 213
    I used to have to do an arp from a Windows lappie to find out the IP address of old HP JetDirect network cards in Laserjet printers.. I think the same should work in this situation if the box will respond correctly to arps.

    I found this command in another forum, don't know if it is formatted correctly, but you can give it a try:

    arp -na

    The other forum says this should respond back with all the MAC/IP combinations on the local network segment, so if you connect to this box with a crossover cable, that should be helpful. Let me know how it goes...

    Russ
    Currently working on: CCNA:Security
    Up next: CCNA:Voice
    · Share on FacebookShare on Twitter
  • poguepogue Member Posts: 213
    Also, others have mentioned this option:

    set up a tcpdump with "ether host aa:bb:cc:dd:ee:ff" option


    The overall thought process is: Use a tool that will ping the MAC broadcast address on the local LAN segment. Then do an arp -a (or similar) to see what MAC addresses have responded.. Then do a rarp command that will resolve the IP from the MAC in question.

    Russ
    Currently working on: CCNA:Security
    Up next: CCNA:Voice
    · Share on FacebookShare on Twitter
  • malcyboodmalcybood Member Posts: 900 ■■■□□□□□□□
    Do you have physical access to the server? (assuming you do as you've identified it had a monitor)

    If so and assuming it's a physical server

    1. trace the network cable back to the switch port it's connected to
    2. Connect to that switch and run show mac address-table interface g1/0/7 (or whatever port you identified)
    3. Go to the layer 3 switch or router on the network and check the arp table with show ip arp | include aaaa.bbbb.cccc where a, b and c would obviously be replaced by the mac address

    Voila!
    · Share on FacebookShare on Twitter
Sign In or Register to comment.