The managed switch MAY have an ARP table or cache, which links MAC addresses to IP addresses, but only if there has been some recent communications between the devices and it is addressable over Ethernet (it could be managed through serial interface only so no need for an ARP cache). But then that is circular - if you knew the IP, you wouldn't be looking for it. You would not likely see it on your PC either unless you were communicating with it at layer 3 already, i.e. A managed switch will likely let you look at this table and maybe even manipulate it, but note that it links a MAC to a port - there is no IP address here. Any switch will have a forwarding table, which links MAC addresses to a physical port. I looked at my PC's ARP table and don't see the device I'm trying to find. I'm thinking maybe my only option is to connect a managed switch and look at its ARP table. I am fairly new to networking so there might be a good solution I don't know about.Īny ideas? I'm thinking maybe my only option is to connect a managed switch and look at its ARP table. It seems like my laptop knows something has appeared on the network however I don't know how to ID it. I see ARP packets among others but nothing I can see with our Vendor MAC ID, or the IP address I have it currently set to. What is interesting is when I plug the device into my laptop (connected via crossover cable) I do see packets that start appearing however they all seem to be FROM my laptop. Our R&D dept says they may have a solution but I thought I try and take the task on myself. Meaning, I need to tell my customers how to recover Ethernet comms if someone doesn't know the IP and its been set to some crazy static IP. This is a product we manufacturer however it doesn't have any display or any easy means to reset the IP to a default value. When I sniff with wireshark and power the device on, I don't see anything from it's MAC vendor ID, or any ARP packets from it's IP. Well it looks like I have a one of those "not all devices". It's where I would start 100% of the time, unless the device is directly attached to the Internet, and it's possible that the enterprise has been allocated real IPs. Of course it may be an incorrect assumption you have to evaluate how valid it might be. This assumption will cut your search space down significantly. If you got this route, suggest you assume the unknown device has a private IP address consistent with RFC 1918. I suppose it's possible to scan all possible IP address ranges but I suspect that may take hours/days/weeks? Would never consider it so don't know how long. IP scanners are great - I personally use nmap or zenmap - but I only use if I know the subnet. Your best chance with this method is to plug the unknown device and your test pc into a switch - just these - and power cycle the unknown device. More advanced devices like routers and managed switches often send discovery packets (such as Cisco Discovery Protocol, or CDP, and others) that may contain the IP address in the data that is broadcast/multicast on the wire so inspection of the data in these packets sometimes yield useful information. Wireshark will show you those requests - in which case then setup a suitable server to provide the IP and then you would know what it is. If it is configured for DHCP or BOOTP, that's a big help. These packets will provide information that you need too. Sometimes you might get lucky and the device tries to discover it's default gateway, or maybe a DNS server, or even an NTP server, so will issue an ARP request for those IPs. The issue with the Wireshark method is that it requires the unknown device to send these packets many do: at startup for IP conflict detection and then sometimes periodically for continued probing. You are looking for ARP packets, generally, and the ones that are ARP requests or gratuitous are particularly useful for this, and they are sent as layer 2 broadcast so you will see them, no matter the IP range. Having your PC on a different subnet will not limit your ability to possibly identify the unknown IP address.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |