What I would do is start a packet capture (in promiscuous mode, to get the maximum information by preventing the IP stack from dropping packets not for your subnet) and wait for some ARP requests to be broadcast. After a while you'll have an idea of the subnet on your segment.
If you never receive a broadcast, then there's probably some kind of Network Access Control (NAC) disallowing your MAC address or just waiting for you to send some kind of specific packet to announce yourself.
If you get broadcasts:
You'll first be able to guess roughly the subnet and its class (ARP who has requests).
Next you pick an IP in this range; try to keep close to any detected IP to avoid falling out of "weird" CIDR subnetting.
Now you can try to nmap the network you're on to get a better idea.
If you capture long enough you'll find "interesting" targets. Unless there are workstations sharing files or servers in the same subnet, the IP requested the most often should be the gateway of the subnet.
Anyway, an address frequently requested will denote a server, hence an interesting target to scan deeply.
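
The tallying described in this answer, as an added example that is not part of the original post: it reads `tcpdump -n arp` text output, derives the smallest CIDR block covering the addresses seen, and counts which targets are requested most often. The sample lines are constructed and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in `tcpdump -n arp` text format (not a real capture).
SAMPLE = """\
12:00:01.10 ARP, Request who-has 192.168.10.1 tell 192.168.10.23, length 46
12:00:02.31 ARP, Request who-has 192.168.10.1 tell 192.168.10.57, length 46
12:00:03.02 ARP, Request who-has 192.168.10.40 tell 192.168.10.23, length 46
12:00:04.77 ARP, Request who-has 192.168.10.1 tell 192.168.10.130, length 46
12:00:05.40 ARP, Request who-has 192.168.10.99 tell 0.0.0.0, length 46
12:00:06.15 ARP, Request who-has 192.168.10.40 tell 192.168.10.57, length 46
12:00:07.00 IP 192.168.10.23.5353 > 224.0.0.251.5353: UDP, length 45
"""

ARP_REQ = re.compile(r"ARP, Request who-has ([\d.]+)(?: \([^)]*\))? tell ([\d.]+)")

def parse_requests(text):
    """Return (target, sender) address pairs for every ARP request line."""
    pairs = []
    for line in text.splitlines():
        m = ARP_REQ.search(line)
        if not m:
            continue  # not an ARP request (replies, IP traffic, noise)
        try:
            pairs.append(tuple(ipaddress.IPv4Address(g) for g in m.groups()))
        except ValueError:
            continue  # malformed address in the line
    return pairs

def covering_network(pairs):
    """Smallest CIDR block containing every address seen.
    The real subnet may be larger; this is only a lower bound on its size."""
    # ARP probes use sender 0.0.0.0, which says nothing about the subnet.
    seen = [int(a) for pair in pairs for a in pair if not a.is_unspecified]
    if not seen:
        return None
    lo, hi = min(seen), max(seen)
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{prefix}", strict=False)

def most_requested(pairs, n=3):
    """Targets asked for most often; gratuitous ARP (target == sender) is skipped."""
    return Counter(t for t, s in pairs if t != s).most_common(n)

if __name__ == "__main__":
    reqs = parse_requests(SAMPLE)
    print("covering block:", covering_network(reqs))
    for addr, hits in most_requested(reqs):
        print(f"{addr}: {hits} requests")
```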