find ALL reachable IP addresses in a switch?

Hi,

Is there a way to get ALL the IP addresses of a
local network, given an interface (eth0) that is
listening on it?

We accidentaly did reset an Wireless Access Point
and in order to configure it again, we need the
new IP address of it or climb a building tomorrow,
since we cannot enter today. So all I have is a
machine with Linux (Debian Woody) and an internet
connection to it.

The manual does not say anything about default
values, but since we have it plugged in the same
switch, it would be nice if we could get the IP
addresses of the devices plugged on it.

Since we changed the configuration using w3m, I
could have gotten the MAC address right away, but I
did not know how. I will never forget the "arp -an"
command.

I wonder if you can peek the IP address of a machine
if the MAC address is known, even if it´s in a
different network (with a different netmask, I mean).

Anything I should read?
Pointers?

Sniffing with tcpdump is not working, because the
Access Point it is not establishing connections by
itself.

Thanks,
Nelson.-

PS: If it's relevant, I am using an SAMSUNG SWL 3300AP.
It said it configured the IP 168.126.63.1, and I tried
to reach it using the netmasks 16 and 24, but none
worked. I wonder if this is the default IP of these
devices.

Nelson Castillo <(E-Mail Removed)> wrote:
> Is there a way to get ALL the IP addresses of a
> local network, given an interface (eth0) that is
> listening on it?

Something liket his?

jbuchana@nemo$ nmap -sP 192.168.0.*

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Host grimalkin (192.168.0.1) appears to be up.
Host zaphod (192.168.0.2) appears to be up.
Host flenser (192.168.0.3) appears to be up.
Host google (192.168.0.4) appears to be up.
Host nessus (192.168.0.6) appears to be up.
Host vmware (192.168.0.9) appears to be up.
Host tinuviel (192.168.0.13) appears to be up.
Host hobbes (192.168.0.12) appears to be up.
Host toshiba (192.168.0.14) appears to be up.
Host nemo (192.168.0.15) appears to be up.
Nmap run completed -- 256 IP addresses (10 hosts up) scanned in 5 seconds
jbuchana@nemo$

--
Jim Buchanan (E-Mail Removed) (E-Mail Removed)
=================== http://www.buchanan1.net/ ==========================
"Apart from the hackings, the defaced HP, Compaq, AltaVista and Intel
sites had another thing in common--the operating system in question
was Windows NT and the Web server IIS/4.0." -http://news.cnet.com/
================= Visit: http://www.thehungersite.com ==================

> jbuchana@nemo$ nmap -sP 192.168.0.*

Thanks a lot for the answer.

>>I wonder if you can peek the IP address of a machine
>>if the MAC address is known, even if it´s in a
>>different network (with a different netmask, I mean).

The problem got solved automatically and it
seems that one of the access points started
scanning channels until it found the other
one. We still don't know what happened, I must
admit. The AP got shown in a SNPM scan, and
we could restore its IP address (I wonder
how the connection got established...).

I'd still like to know if one can find one IP
address only knowing the MAC address of a
machine, without having to sniff packets. Or
whether one can establish a connection knowing
an MAC adress. I guess I will have to read
something here. Any pointers will be appreciated.

Thanks,
Nelson.-

On 20 Jul 2003 20:11:06 -0700, Nelson Castillo <(E-Mail Removed)> wrote:
>> jbuchana@nemo$ nmap -sP 192.168.0.*
>
> Thanks a lot for the answer.
>
>>>I wonder if you can peek the IP address of a machine
>>>if the MAC address is known, even if it´s in a
>>>different network (with a different netmask, I mean).
>
> The problem got solved automatically and it
> seems that one of the access points started
> scanning channels until it found the other
> one. We still don't know what happened, I must
> admit. The AP got shown in a SNPM scan, and
> we could restore its IP address (I wonder
> how the connection got established...).
>
> I'd still like to know if one can find one IP
> address only knowing the MAC address of a
> machine, without having to sniff packets. Or
> whether one can establish a connection knowing
> an MAC adress. I guess I will have to read
> something here. Any pointers will be appreciated.

Yes, if you know the MAC, and it is on the same local network (not going
through a router), you can manually assign an IP to it with 'arp -s
hostname hw_addr' (hostname could be an IP).

That does not actually set the IP on the destination machine, it just uses
that MAC to access it by that IP from the box the manual arp was set on.
In other words instead of doing an arp request to find the MAC for the IP,
it will use the manual arp entry for that IP to find the MAC.

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/

Nelson Castillo wrote:
>> jbuchana@nemo$ nmap -sP 192.168.0.*
>
> Thanks a lot for the answer.
>
>>> I wonder if you can peek the IP address of a machine
>>> if the MAC address is known, even if it´s in a
>>> different network (with a different netmask, I mean).
>
> The problem got solved automatically and it
> seems that one of the access points started
> scanning channels until it found the other
> one. We still don't know what happened, I must
> admit. The AP got shown in a SNPM scan, and
> we could restore its IP address (I wonder
> how the connection got established...).
>
> I'd still like to know if one can find one IP
> address only knowing the MAC address of a
> machine, without having to sniff packets. Or
> whether one can establish a connection knowing
> an MAC adress. I guess I will have to read
> something here. Any pointers will be appreciated.
>

i'm no expert, but arp does the task of asking 'who-has 192.168.0.1' and in
return getting the MAC address of requested machine. So rarp (reverse arp)
kind of springs to mind.