Hi, I have a Lantronix network device that has been returned from a customer which has had a static IP address set in it. I have none of the network details that it was installed in. I do have its MAC address. I have tried connecting the device directly to my laptop and running wire shark but I'm new to this and I can't work out how to determine its IP address from all the data packets. Thanks asked 18 May '16, 10:10 Matthew Butcher |
4 Answers:
That's not the way to do it. Go to the devices' manual and lookup the reset procedure, usually something like holding some buttons on power on, or setting a loop between some ports. Otherwise you could setup a network scanner to sweep the IP address range you suspect the device to be on (usually a private range address). Unless the device autonomously sends packets (eg. SNMP notifications, or NTP queries) there's little to see. answered 19 May '16, 01:08 Jaap ♦ |
If you've connected the two only to each other, all frames (packets) you can see in your capture should have only one of two source MAC addresses: the one of your PC and the one of the blackbox. So apply a display filter For the miracle to happen, you need that the blackbox feels a need to send something somewhere, or read something from somewhere, otherwise you are out of luck because it won't have any reason to send the ARP request you need. A hint: don't connect them directly, insert a hub or switch between them, and use the following order of steps:
The reason to do it the above way is that you normally cannot start a capture on an interface which is down, and the frames you need might come between the moment the interface came up and the moment you've started the capture if the blackbox doesn't have much to send/receive. Knowing the IP address, you'll still have to guess the mask, as it cannot be determined from the ARP requests nor anything else normally seen on the wire. So your best choice is to set If you cannot catch any ARP request, Wireshark cannot help you and you'll have to use some scanning tool which will send arp requests to the device's MAC, asking for all possible IP addresses one by one. answered 19 May '16, 01:13 sindy I have tried this today but unfortunately can't get the device to send/receive anything. (19 May '16, 08:26) Matthew Butcher |
Not to overlook a potentially simple and easy solution, have you tried simply asking the customer what the static IP address was set to on the device? answered 19 May '16, 09:15 cmaynard ♦♦ |
Though I agree there is no guarantee that this works, this is always my first stop. It's fast, costs almost nothing, and works often enough for me that probability is in my favor next time the issue comes around.
I have found many devices (luckily) will actually produce frames for me - like arp requests for the default GW, ARP for some other host as part of the configuration, maybe some LLDP or CDP... The higher end the device, the more likely to get something here. Maybe it even implements RFC5227 for dup IP detection and issues ARP probes/ARP announcements at boot...
Then, of course, sometimes nothing comes out. Then absolutely - time to get the manual out and do a factory reset.
Unfortunately there doesn't seem to be a simple way to reset this device...
https://www.lantronix.com/products/xport-ar/
Does the software application "Device Installer" from Lantronix not locate it?
As Grahamb stated above.....Use "Device Installer", which is a software tool provided by Lantronix to locate and configure their devices.
http://www.lantronix.com/products/deviceinstaller/