I have a Lantronix network device that has been returned from a customer which has had a static IP address set in it. I have none of the network details that it was installed in. I do have its MAC address. I have tried connecting the device directly to my laptop and running wire shark but I'm new to this and I can't work out how to determine its IP address from all the data packets.
asked 18 May '16, 10:10
That's not the way to do it. Go to the devices' manual and lookup the reset procedure, usually something like holding some buttons on power on, or setting a loop between some ports. Otherwise you could setup a network scanner to sweep the IP address range you suspect the device to be on (usually a private range address). Unless the device autonomously sends packets (eg. SNMP notifications, or NTP queries) there's little to see.
answered 19 May '16, 01:08
If you've connected the two only to each other, all frames (packets) you can see in your capture should have only one of two source MAC addresses: the one of your PC and the one of the blackbox. So apply a display filter
For the miracle to happen, you need that the blackbox feels a need to send something somewhere, or read something from somewhere, otherwise you are out of luck because it won't have any reason to send the ARP request you need.
A hint: don't connect them directly, insert a hub or switch between them, and use the following order of steps:
The reason to do it the above way is that you normally cannot start a capture on an interface which is down, and the frames you need might come between the moment the interface came up and the moment you've started the capture if the blackbox doesn't have much to send/receive.
Knowing the IP address, you'll still have to guess the mask, as it cannot be determined from the ARP requests nor anything else normally seen on the wire. So your best choice is to set
If you cannot catch any ARP request, Wireshark cannot help you and you'll have to use some scanning tool which will send arp requests to the device's MAC, asking for all possible IP addresses one by one.
answered 19 May '16, 01:13
Not to overlook a potentially simple and easy solution, have you tried simply asking the customer what the static IP address was set to on the device?
answered 19 May '16, 09:15