6

Open question: How to find the IP address of a device?

As I understand, there are no guaranteed methods that work always, but there's a hundred approaches that work in specific situations, and I'd like to learn as many as possible.

The typical scenario is:

We receive some device from a customer to reconfigure/refurbish/repair. It's embedded, can be accessed over TCP/IP only. We either can't reset it to defaults (obscure procedure and no documentation) or the defaults are very obscure (we recently got one that defaulted to 10.100.0.111). Recovering login/password is a totally separate problem, first we need to access its web interface, and in order to do that we need to know its IP address.

The device is in our hands, locally - Wireshark, network sniffing, hard reset, all that is perfectly fine. Quite often the sticker with the MAC address is in place, so we know the MAC. This is not always the case but often a route to be investigated.

We have Linux and Windows workstations dedicated to service work that can be used for diagnostics. We have some electronics (like an oscilloscope) too, if bad comes to worse. We can set-up mostly any software we want on them.

If there's a need, we can leave the probe/scan running overnight or even over a couple of days, though faster solutions are definitely preferred.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
SF.
  • 277
  • 3
  • 9
  • An off the wall suggestion - how about charging the customer more if they don't provide you with the networking and login details? Use their wallets to coerce them into giving you the information. :-) – Greenstone Walker Jul 08 '13 at 21:24

3 Answers3

7
  • For the case when you have a MAC address you can use the arpping tool to get the IP address.
  • For case when you don't know the MAC address:

    1. You can generate regular ARP requests against all possible IP addresses with a tool such as nmap, by tuning the nmap option to be agressive. You will probably get a result in few minutes.

    2. If the device is sending data by itself (at boot for example) you can just run Wireshark to sniff packets and get its MAC address (and maybe the IP address at the same time).

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
radius
  • 9,545
  • 23
  • 45
  • And if you don't have MAC, you could always plug into a switch that can maintain a mac address/switch port database (es: cisco). – PiL Jun 23 '10 at 11:21
  • @Pier this would work if device is sending data by itself, otherway the switch will not no the MAC either. And if device is sending data by itself running wireshark on the PC is enough to get the mac. I will edit to add this, I was thinking this too trivial to tell it – radius Jun 23 '10 at 11:31
3

Some devices answer to 'pings' (ICMP echo-requests) to the broadcast '255.255.255.255' address.

Jacek Konieczny
  • 3,597
  • 2
  • 21
  • 22
1

There are quite a few software tools that will locate devices and their IP addresses on the network, using a variety of methods. On Windows my two favourites are NetworkView and Fluke Network Inspector.

I don't believe the Fluke software is available any more, but you may be able to source an old copy somewhere. It detects devices partly by watching the network traffic. Not sniffing but monitoring all the traffic that network devices use to keep their own knowledge of the network up to date. Works for TCP/IP, IXP/SPX, etc. Due to its age some device recognition is incorrect but that's normally no big deal.

There are two completely different programs that go by the name of NetworkView. I use this one. It's normally used to actively search for TCP/IP devices but can get a fair amount of information from most devices using things like port scans and SNMP queries.

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
John Gardeniers
  • 27,262
  • 12
  • 53
  • 108