how to get a network's IPs?

Hi,

I have been recently to a install fest in a local college in a room
with network connections on each table. Some of the participants
connected their laptops to the network and in less than 5 minutes they
had the IP numbers, s-mask, GW to use the network. How did they do
that?

I tired repeating this at a local library with Knoppix live-CD but I
could see not network traffic before configuring my netcard and for
that, I needed an IP which, I could only get by knowing which IPs the
network used.

What did these guys use? Tcpdump? Ethereal? Some other ap?

Thanks,

TW

TW wrote:

> I have been recently to a install fest in a local college in a room
> with network connections on each table. Some of the participants
> connected their laptops to the network and in less than 5 minutes they
> had the IP numbers, s-mask, GW to use the network. How did they do
> that?

> What did these guys use? Tcpdump? Ethereal? Some other ap?

DHCP most likely (which requires a DHCP server running on the network to
assign IP addresses).

--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is

"TW" <(E-Mail Removed)> wrote:
>Hi,
>
>I have been recently to a install fest in a local college in a room
>with network connections on each table. Some of the participants
>connected their laptops to the network and in less than 5 minutes they
>had the IP numbers, s-mask, GW to use the network. How did they do
>that?

5 minutes??? How about 15 seconds!

>I tired repeating this at a local library with Knoppix live-CD but I
>could see not network traffic before configuring my netcard and for
>that, I needed an IP which, I could only get by knowing which IPs the
>network used.

Sheesh. I booted Knoppix on my laptop a couple days ago to see
what it looked like. It came up with a configured network!
(Which surprise me to no end because I use static IP's on my
wired network and had never realized that the DHCP server on my
wireless router would merrily answer a request on my LAN too!)

It is also true that more than one of the different kernel options
I tried resulted in the boot sequency hanging at the point where
it was querying the DHCP server... for reason I don't know.

>What did these guys use? Tcpdump? Ethereal? Some other ap?

There aren't many things you need to get a network connection, but
it can vary from one distribution to another, and it can also
greatly depend on the network itself, as to just how you get these
things.

You have to load a driver module (or have the driver built into
the kernel) for you particular network interface card. Your
normal boot scripts may do that for you, or not. For example,
on my laptop, which has an RTL8139 based NIC, I have to do

modprobe 8139too

And then I can either manually assign an IP address or get one
from a DHCP server. That is generally done with dhcpcd,

dhcpcd -d eth0

Which probably will automatically learn everything needed to
know to interface with whatever network is connected to the NIC.
That includes an IP address assigned to device eth0, a nameserver
address placed in /etc/resolv.conf and a set of routes in the
route table which mask off the appropriate subnet for the
assigned IP address and provide a default route to a gateway
to the Internet.

Of course, if the network you plug into does not have a DHCP
server, things get significantly complex. The only solution
that I would be willing to work with is to ask someone with the
authority to provide the correct information *and* authorization
for me to connect to that network.

We can probably assume that in the case you cite there was
indeed a DHCP server, because otherwise you'd have heard people
discussing the various addresses needed and you'd have
recognized that particular method of information distribution
for what is is, "word of mouth"! :-)

--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) (E-Mail Removed)

(E-Mail Removed) (Floyd L. Davidson) writes:

>"TW" <(E-Mail Removed)> wrote:
>>Hi,
>>
>>I have been recently to a install fest in a local college in a room
>>with network connections on each table. Some of the participants
>>connected their laptops to the network and in less than 5 minutes they
>>had the IP numbers, s-mask, GW to use the network. How did they do
>>that?

It is called dhcp.
If not they snaffled the IP and probably broke the law.

Unruh <unruh-(E-Mail Removed)> wrote:
>(E-Mail Removed) (Floyd L. Davidson) writes:
>
>>"TW" <(E-Mail Removed)> wrote:
>>>Hi,
>>>
>>>I have been recently to a install fest in a local college in a room
>>>with network connections on each table. Some of the participants
>>>connected their laptops to the network and in less than 5 minutes they
>>>had the IP numbers, s-mask, GW to use the network. How did they do
>>>that?
>
>It is called dhcp.
>If not they snaffled the IP and probably broke the law.

What is the point of replying to an article, quoting no text from it
but leaving the attribution in, picking out one paragraph of quoted
text from the original article...

And then adding two lines which say *absolutely nothing*.

The article you responded to went into detail about DHCP. Your
claim that they would otherwise have been breaking the law is
abjectly ridiculous. What purpose would the "connections on
each table" be there for, other than an expectation that the
"install fest" people would actually use them?

I noted the significance of that in the article to which
you replied, so even that was a worthless waste of bandwidth.

--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) (E-Mail Removed)

Floyd L. Davidson wrote:
> Your
> claim that they would otherwise have been breaking the law is
> abjectly ridiculous. What purpose would the "connections on
> each table" be there for, other than an expectation that the
> "install fest" people would actually use them?

Actually, I apologize for not being clear about a number of things
here:

1) it was *not* DHCP (even I can connect to that...). no, the network
had fixed IPs to be taken from a limited, if large, numbers of IPs
available to the building.
2) it was not "illegal" to find them. Only a somewhat ill-mannered
since these IPs were *not* given to the installfest participants. I
should note that the issue here was solely bandwith and that *nobody*
tried anything funny there (not with plenty of very savvy people -
unlike myself - looking over their shoulders).

They did use some kind of sniffer however. I have no idea which one
or, and that was my original question, I still do not know how one can
sniff a (non-DHCPed) network without knowing with what IP to configure
one's card.

I hope this clarified my question.

Cheers,

TW

"TW" <(E-Mail Removed)> wrote:
>Actually, I apologize for not being clear about a number of things
>here:

Ahhh... so what they actually had going was a game to see who
could hack into it; and those who couldn't, didn't waste
any bandwidth!

Well...

>1) it was *not* DHCP (even I can connect to that...). no, the network
>had fixed IPs to be taken from a limited, if large, numbers of IPs
>available to the building.

Okay, you aren't as green and wet as I was assuming then... ;-)

>2) it was not "illegal" to find them. Only a somewhat ill-mannered
>since these IPs were *not* given to the installfest participants. I
>should note that the issue here was solely bandwith and that *nobody*
>tried anything funny there (not with plenty of very savvy people -
>unlike myself - looking over their shoulders).

That is what I was assuming right from the start. They don't
have "install fests" at university facilities with network
connections on every table without having all the necessary
ducks lined up.

>They did use some kind of sniffer however. I have no idea which one
>or, and that was my original question, I still do not know how one can
>sniff a (non-DHCPed) network without knowing with what IP to configure
>one's card.

Oh, goodness... there are so many ways to do that it isn't
funny. You listed a couple to start with, and they would indeed
have indicated something, or they would *if* there is already at
least some kind of traffic on the LAN. But they won't give you a
usable address! Instead you get a hint as to which subnets
appear to be in use, which does suggest that you can try
addresses in those ranges. Of couse if someone got really into
this as a game, they would set up the entire LAN with *only*
host routes, and have not one single pre-existing host on a
subnet that could be routed! No traffic sniffer would detect
the right subnet for the IP range that could be used...

I don't know if this would actually work, but if faced with such
a task...

Try something fairly simple? First, the IP addresses will
almost certainly be in the non-routable private network space,
like 10.n.n.n and 192.168.n.n. So pick an IP in each of those,
configure the network interface for it, and send a ping to
255.255.255.255 to see what kind of responses you get. Each
ping will be answered by every interface on the LAN that can
route to that subnet. So if you are sitting on a usable subnet,
you'll know it.

That could easily be manually tested on three or four major
blocks of IP addresses, and if nothing popped up it would be
relatively easy to write a short shell script that would send a
broadcast ping on each and every typical subnet within each
block of IP addresses.

I suspect that would find a suitable IP address within minutes.

But of course, anyone sneaky enough to use host routing on
all the existing hosts... might also use only host routing
for the entire "block" of allowed IP addresses too! So they
might be odd addresses, none of which is contiguous with any
of the others.

That means you'd have to re-write the script to ping *every*
address in those blocks... It might take awhile, but you'd
find one eventually.

(And now you know what to do if *you* are the one designing
the game...)

--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) (E-Mail Removed)

"TW" <(E-Mail Removed)> writes:

>Floyd L. Davidson wrote:
>> Your
>> claim that they would otherwise have been breaking the law is
>> abjectly ridiculous. What purpose would the "connections on
>> each table" be there for, other than an expectation that the
>> "install fest" people would actually use them?

>Actually, I apologize for not being clear about a number of things
>here:

>1) it was *not* DHCP (even I can connect to that...). no, the network
>had fixed IPs to be taken from a limited, if large, numbers of IPs
>available to the building.
>2) it was not "illegal" to find them. Only a somewhat ill-mannered
>since these IPs were *not* given to the installfest participants. I
>should note that the issue here was solely bandwith and that *nobody*
>tried anything funny there (not with plenty of very savvy people -
>unlike myself - looking over their shoulders).

Actually in some (many?) jurisdictions, accessing a network without
authorization is illegal.

What they perhaps did was to sniff the net to discover the subnet it was
on, and then look for unoccupied IP addresses and try those. Of course they
could be only temporarity unoccupied, in which case you could get an IP
conflict.



>They did use some kind of sniffer however. I have no idea which one
>or, and that was my original question, I still do not know how one can
>sniff a (non-DHCPed) network without knowing with what IP to configure
>one's card.

Just give yourself a random IP and then use tcpdump to look at all the
traffic going by.

Unruh wrote:

> If not they snaffled the IP and probably broke the law.

What law?

James Knott <(E-Mail Removed)> writes:

>Unruh wrote:

>> If not they snaffled the IP and probably broke the law.

>What law?

Accessing a digital network without permission. Eg, the guy who used HOme
Depot wireless server to go onto the web. Got jail time.
It depends on the jurisdiction.