Networking Forums

How to guess net IP numbers?

 
 
Josechu
Guest
Posts: n/a

 
      09-21-2003, 10:41 AM
Imagine that you find a hotspot with ESSID = "default" and without WEP
encryption.

Imagine that the network resides in an IP range that is 10.200.100.X and
mask: 255.255.0.0 but you don't know these IPs.

How can you guess the IP numbers in order that you can enter the network?


Thanks in advance,


Josechu


 
 
 
 
 
nojunk.c.a.m@banthespam.blueyonder.co.uk
Guest
Posts: n/a

 
      09-21-2003, 11:06 AM

>Imagine that you find a hotspot with ESSID = "default" and without WEP
>encryption.
>
>Imagine that the network resides in an IP range that is 10.200.100.X and
>masc: 255.255.0.0 but you don't know these IP.
>
>How can you guess the IP numbers in order that you can enter the network.


A useful tool for that would be a LAN/network monitor - to show what traffic
there is. It'll show all sorts of info apart from IP then.

I'm sure someone else can suggest a free one for you, can't remember which ones
are free now.

Clive

 
 
Thor Spruyt
Guest
Posts: n/a

 
      09-21-2003, 11:14 AM
"Josechu" <(E-Mail Removed)> wrote in message
news:bkjv8p$2jeqr$(E-Mail Removed)...
> How can you guess the IP numbers in order that you can enter the network.


By using a packet sniffer you might be able to get some information.
www.ethereal.com is an example of a good packet sniffer.

Regards,
Thor.


 
 
John Shirley
Guest
Posts: n/a

 
      09-21-2003, 04:34 PM
Sometime before 21 Sep 2003, Josechu stated:

> Imagine that you find a hotspot with ESSID = "default" and without WEP
> encryption.
>
> Imagine that the network resides in an IP range that is 10.200.100.X and
> masc: 255.255.0.0 but you don't know these IP.
>
> How can you guess the IP numbers in order that you can enter the network.
>
>
> Thanks in advance,
>
>
> Josechu
>
>


The packet sniffer is your friend! Some of them will decode the packets for
you and dump source and destination IP addresses. Others, well, you'll need
to know some TCP/IP stuff to decode them.

Most Windows-based packet sniffers--also called Protocol Analyzers--are
payware.

There are a handful of free Linux-based programs.

Happy hacking.

--
John Shirley
Remove SPAM SUCKS to E-mail
 
 
Josechu
Guest
Posts: n/a

 
      09-21-2003, 05:40 PM
I think that the important information I need to extract from the wireless
data are a few bits:

The Gateway IP and the mask, that is, the 10.200.X.X IP of the gateway and
the 255.255.0.0 mask in the example above.

Is there a program that would give me those two IPs easily?


Josechu


"Josechu" <(E-Mail Removed)> wrote in message
news:bkjv8p$2jeqr$(E-Mail Removed)...
> Imagine that you find a hotspot with ESSID = "default" and without WEP
> encryption.
>
> Imagine that the network resides in an IP range that is 10.200.100.X and
> masc: 255.255.0.0 but you don't know these IP.
>
> How can you guess the IP numbers in order that you can enter the network.
>
>
> Thanks in advance,
>
>
> Josechu
>
>



 
 
John
Guest
Posts: n/a

 
      09-21-2003, 07:55 PM
Simple... let the network DHCP server get you an IP without any effort.

"Josechu" <(E-Mail Removed)> wrote in message
news:bkjv8p$2jeqr$(E-Mail Removed)...
> Imagine that you find a hotspot with ESSID = "default" and without WEP
> encryption.
>
> Imagine that the network resides in an IP range that is 10.200.100.X and
> masc: 255.255.0.0 but you don't know these IP.
>
> How can you guess the IP numbers in order that you can enter the network.
>
>
> Thanks in advance,
>
>
> Josechu
>
>



 
 
TC
Guest
Posts: n/a

 
      09-21-2003, 10:07 PM
"Josechu" <(E-Mail Removed)> wrote in
news:bkknqn$2nk6v$(E-Mail Removed):

> I think that the important information I need to extract from the
> wireless data are a few bits:
>
> The Gateway IP and the masc, that is, the 10.200.X.X IP of the gateway
> and the 255.255.0.0 masc in the example above.
>
> Is there a program that would give me those two IPs easily?
>
>
> Josechu
>
>
> "Josechu" <(E-Mail Removed)> wrote in message
> news:bkjv8p$2jeqr$(E-Mail Removed)...
>> Imagine that you find a hotspot with ESSID = "default" and without
>> WEP encryption.
>>
>> Imagine that the network resides in an IP range that is 10.200.100.X
>> and masc: 255.255.0.0 but you don't know these IP.
>>
>> How can you guess the IP numbers in order that you can enter the
>> network.
>>
>>
>> Thanks in advance,
>>
>>
>> Josechu
>>
>>

>
>


/\/\/\/\
Older versions of NetXray can be found for free now ... but it won't
work on XP ... Just do a Google search and you will find it. I was
shocked to discover this recently when I was looking for a freebie
upgrade for my copy (so I "could" use it on my XP box).

I have an old (legitimate) copy from when I used to actually work and
use it on an ME machine to monitor the nose end of traffic on my home
network.

It will show direct IP addresses, MAC addresses (on the local network of
course), protocols ... do packet capture decoding ... whatever ... The
stuff cost 5K US in its day and I think that is about what it costs for
a current version copy today.

Anyhow ... I don't know how you "know" the mask is 255.255.0.0 .. but no
matter ... 10.anything is a reserved non-routable IP for private
networks .. like 192.168 ... etc etc ...

The 255.255.0.0 mask means that 10.200.0.0 is your network's address ..
and the last two octets are the host address (256x256 = 64K hosts etc).

Soooooooooo .. if you don't use 0 or 255 in either of the last two
octets (to keep things simple) then that will leave
10.200.(1-254).(1-254) ... ie 10.200.50.50 / 255.255.0.0 would be an
acceptable address for this local network.

The only other thing that would get you in trouble would be any filters
that keep you behind a firewall if not properly authenticated etc .. or
you selecting an address that is already in use on the network (the
network will usually throw up as soon as ARP starts coming up with
multiple MAC addresses for one IP); an actual MAC allowed list etc etc
etc ...

IMHO as always ...
campbell
 
 
Wepless
Guest
Posts: n/a

 
      09-22-2003, 04:11 AM
No DHCPd

"John" <(E-Mail Removed)> wrote in message
news:4mnbb.5655$(E-Mail Removed)...
> Simple... let the network DHCP server get you an IP without any effort.
>
> "Josechu" <(E-Mail Removed)> wrote in message
> news:bkjv8p$2jeqr$(E-Mail Removed)...
> > Imagine that you find a hotspot with ESSID = "default" and without WEP
> > encryption.
> >
> > Imagine that the network resides in an IP range that is 10.200.100.X and
> > masc: 255.255.0.0 but you don't know these IP.
> >
> > How can you guess the IP numbers in order that you can enter the
> > network.
> >
> >
> > Thanks in advance,
> >
> >
> > Josechu
> >
> >

>
>



 
 
MarcRW
Guest
Posts: n/a

 
      09-22-2003, 01:19 PM
It sounds as if they've turned off DHCP, turned on MAC filtering, and
assigned IP to specific MACs just to keep people out. Stay out if that's
the case.

"Wepless" <(E-Mail Removed)> wrote in message
news:bklsqf$r88$(E-Mail Removed)...
> No DHCPd
>
> "John" <(E-Mail Removed)> wrote in message
> news:4mnbb.5655$(E-Mail Removed)...
> > Simple... let the network DHCP server get you an IP without any effort.
> >
> > "Josechu" <(E-Mail Removed)> wrote in message
> > news:bkjv8p$2jeqr$(E-Mail Removed)...
> > > Imagine that you find a hotspot with ESSID = "default" and without WEP
> > > encryption.
> > >
> > > Imagine that the network resides in an IP range that is 10.200.100.X and
> > > masc: 255.255.0.0 but you don't know these IP.
> > >
> > > How can you guess the IP numbers in order that you can enter the
> > > network.
> > >
> > >
> > > Thanks in advance,
> > >
> > >
> > > Josechu
> > >
> > >

> >
> >

>
>



 
 
Dr LG
Guest
Posts: n/a

 
      09-22-2003, 01:47 PM
Sniff the MACs and the IPs.

You could just wait for the nodes to get turned off and with any luck the ap
and gateway will stay live 24/7. Copy what u see and jump in.

If the nodes stay live u might be able to copy a mac address and use a
different ip but stay nice and close to whatever they are using.

If the gateway blocks all IPs other than what is assigned good chance the
nodes won't have protection and u should be able to climb in and then back
out thru them.

Take an example and stretch it. Wireless is fun no?

Of course this is just an educational example.
Dr LG

"There is always a wall, they are just at different heights.
Build an elegant staircase to the top and peek over".
-sTd




"MarcRW" <(E-Mail Removed)> wrote in message
news:wFCbb.1760$gi2.780@fed1read01...
> It sounds as if they've turned off DHCP, turned on MAC filtering, and
> assigned IP to specific MACs just to keep people out. Stay out if that's
> the case.
>
> "Wepless" <(E-Mail Removed)> wrote in message
> news:bklsqf$r88$(E-Mail Removed)...
> > No DHCPd
> >
> > "John" <(E-Mail Removed)> wrote in message
> > news:4mnbb.5655$(E-Mail Removed)...
> > > Simple... let the network DHCP server get you an IP without any effort.
> > >
> > > "Josechu" <(E-Mail Removed)> wrote in message
> > > news:bkjv8p$2jeqr$(E-Mail Removed)...
> > > > Imagine that you find a hotspot with ESSID = "default" and without WEP
> > > > encryption.
> > > >
> > > > Imagine that the network resides in an IP range that is 10.200.100.X and
> > > > masc: 255.255.0.0 but you don't know these IP.
> > > >
> > > > How can you guess the IP numbers in order that you can enter the
> > > > network.
> > > >
> > > >
> > > > Thanks in advance,
> > > >
> > > >
> > > > Josechu
> > > >
> > > >
> > >
> > >

> >
> >

>
>



 
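Seen from the network owner's side, the replies above describe two signals that can be monitored: ARP showing more than one MAC address for one IP (TC's post) and a fixed IP assigned to each allowed MAC (MarcRW's post). The following is an added example, not code from any poster in the thread; the allowlist, MAC addresses and ARP observations are constructed, and the function name `audit_arp` is hypothetical.

```python
import ipaddress
from collections import defaultdict

# Assumed policy (constructed): the thread's subnet and a static MAC -> IP allowlist.
NETWORK = ipaddress.ip_network("10.200.0.0/255.255.0.0")
ALLOWED = {
    "00:11:22:33:44:01": "10.200.100.1",    # gateway
    "00:11:22:33:44:10": "10.200.100.10",
    "00:11:22:33:44:11": "10.200.100.11",
}

# Constructed ARP observations: (timestamp, sender MAC, sender IP).
SAMPLE = [
    (1, "00:11:22:33:44:01", "10.200.100.1"),
    (2, "00:11:22:33:44:10", "10.200.100.10"),
    (3, "00:AA:BB:CC:DD:EE", "10.200.50.50"),    # station not on the allowlist
    (4, "00:11:22:33:44:11", "10.200.100.12"),   # allowed MAC, wrong IP
    (5, "00:AA:BB:CC:DD:EE", "10.200.100.10"),   # second MAC announces .10
    (6, "00:11:22:33:44:10", "192.168.1.5"),     # address outside 10.200.0.0/16
]

def audit_arp(observations, allowed=ALLOWED, network=NETWORK):
    """Return (timestamp, kind, mac, ip) findings in the order they were seen."""
    known = {mac.lower(): ipaddress.ip_address(ip) for mac, ip in allowed.items()}
    claims = defaultdict(set)      # ip -> MACs that have announced it
    findings = []
    for ts, mac, ip in observations:
        mac, addr = mac.lower(), ipaddress.ip_address(ip)
        if addr not in network:
            findings.append((ts, "outside-subnet", mac, ip))
            continue
        if mac not in known:
            findings.append((ts, "unknown-mac", mac, ip))
        elif known[mac] != addr:
            findings.append((ts, "ip-mismatch", mac, ip))
        claims[addr].add(mac)
        if len(claims[addr]) > 1:  # the duplicate-address condition ARP exposes
            findings.append((ts, "ip-conflict", mac, ip))
    return findings

if __name__ == "__main__":
    for finding in audit_arp(SAMPLE):
        print(finding)
```

A frame that carries an allowlisted MAC together with its assigned IP passes every check here, so this audit complements link-layer encryption and authentication rather than replacing them.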