8

Doing some testing against two IP addresses in the scope, I find one web server on each one. Both host what seems to be the same web application.

They are different public (accessible through the Internet) IP addresses and there are no explicit redirects (30X) between them.

What I'm looking for are indicators that can help me to conclude that both web servers are just one.

Is it possible to know if both IP addresses are pointing to the same web server? How?

kinunt

3 Answers

6

You could compare the Last-Modified HTTP headers for some static resources (e.g. images, CSS) from each IP, and see whether they are different. If they are different, I would assume the IPs are separate hosts.

You could also make a request to both IPs at the exact same moment and compare the Date HTTP header in the responses - if they are different then the IPs are likely to be different machines with their clocks out of sync.

If the site uses session cookies, you could start a session on the first IP, and then try using the same session cookie with the second IP, and see whether it recognises your session. If it doesn't, then you are probably on a different host; if it does, then you might be on the same host, or the sessions are not getting managed in the web server.

davidwebster48
1

Ping each system so they're in your system routing tables. Run:

arp -a

That should list the IP addresses and the corresponding MAC addresses. If the two IP addresses have the same MAC address, then it's the same system.

AndyMac
1

Yes, a server could be present on many networks, sub-networks, backbones and so on.

If you reach a single host through two different routes, you will find the same server with two different IPs.

If this server holds some certificates, they have to match a DNS name.

So you could find some of them under https, smtps, imaps, and so on...

You could use the openssl tool to show such a certificate:

openssl s_client -connect REMOTEIP:443 -showcerts

But if you use a tool like nmap and see exactly the same service with the same answers, you could think they are one and the same server, but you couldn't be sure.
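
The Last-Modified and Date header checks from the first answer and the certificate comparison from the last answer, combined in one script. This is an added example, not code from any of the answers; the observations are constructed sample data, and the field names, the `skew_tolerance` value and the verdict wording are assumptions. It goes slightly beyond the answers by comparing each server's clock offset against the local receive time, so the two requests do not have to be sent at the exact same moment.

```python
import hashlib
from email.utils import parsedate_to_datetime

# Constructed observations (not real captures). Each holds the headers returned
# for the same static resource, the local epoch time the response arrived, and
# the server's leaf certificate in DER form (placeholder bytes here).
IP_A = {"received": 1700000000.2, "cert_der": b"constructed-cert-1",
        "headers": {"Date": "Tue, 14 Nov 2023 22:13:20 GMT",
                    "Last-Modified": "Mon, 06 Nov 2023 09:00:00 GMT"}}
IP_B = {"received": 1700000001.1, "cert_der": b"constructed-cert-1",
        "headers": {"Date": "Tue, 14 Nov 2023 22:13:21 GMT",
                    "Last-Modified": "Mon, 06 Nov 2023 09:00:00 GMT"}}
IP_C = {"received": 1700000001.5, "cert_der": b"constructed-cert-2",
        "headers": {"Date": "Tue, 14 Nov 2023 22:13:58 GMT",
                    "Last-Modified": "Mon, 06 Nov 2023 09:04:17 GMT"}}


def clock_offset(obs):
    """Server clock (Date header) minus our clock at receipt, in seconds."""
    server = parsedate_to_datetime(obs["headers"]["Date"]).timestamp()
    return server - obs["received"]


def compare(a, b, skew_tolerance=2.0):
    """Compare two observations. skew_tolerance is an assumed allowance for the
    Date header's one-second resolution plus network latency."""
    skew = abs(clock_offset(a) - clock_offset(b))
    sha256 = lambda der: hashlib.sha256(der).hexdigest()
    return {
        "last_modified_equal":
            a["headers"].get("Last-Modified") == b["headers"].get("Last-Modified"),
        "clock_skew_seconds": round(skew, 1),
        "clocks_in_sync": skew <= skew_tolerance,
        "same_certificate": sha256(a["cert_der"]) == sha256(b["cert_der"]),
    }


def verdict(result):
    """A header mismatch suggests separate hosts; matches never prove one host."""
    if not (result["last_modified_equal"] and result["clocks_in_sync"]):
        return "likely different hosts"
    return "consistent with one host (not proof)"


if __name__ == "__main__":
    for name, other in (("B", IP_B), ("C", IP_C)):
        r = compare(IP_A, other)
        print(f"A vs {name}: {r} -> {verdict(r)}")
```

The certificate result is reported but left out of the verdict, since the answers only tie a "different hosts" conclusion to the header mismatches.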