Broadcast Pings to Discover IP Addresses

aaron's picture

Here's a quickie: We needed to configure someone else's fibre channel switch yesterday, but didn't know its IP address. We did, however, know it was configured in the subnet 192.168.0.x.

So we connected our laptop directly to the FC switch's Ethernet port (bypassing the Ethernet switch) and set our own IP to 192.168.0.2 (anything in the same subnet would work). Then we pinged the subnet's broadcast address with ping 192.168.0.255, and got this result:

64 bytes from 192.168.0.2: icmp_seq=0 ttl=64 time=0.168 ms
64 bytes from 192.168.0.9: icmp_seq=0 ttl=64 time=0.327 ms (DUP!)

The first response comes from our own IP, so the second must be the switch! (Press Control-C to stop the once-per-second repetitions.)

This technique should work on just about any IP device. If you know the subnet, you can find the IP.

Comments

7
djidji's picture

I only learned this trick when I properly re-read the Xserve user manual, I think it
was in the last - xeon - rev. It is the suggested way to find out the ip address of
the new xserve units at some point of the remote installation, works great every
time ;-)

---
the righteous way is straight as an arrow
take a walk and you'll find it too narrow for the likes of me
--nc

aaron's picture

You can also use this command, especially if you don't know the subnet:
ping 255.255.255.255
But don't use that if you are plugged into an Ethernet switch, or you may flood
your network.

---
Aaron Freimark
http://www.tekserve.com/vcard/af.vcf

Aaron Freimark
CTO, Tekserve

ravan46's picture

What about when it's plugged into an ethernet switch you can't easily access, and there are plenty of other devices on the subnet?

Do the broadcast ping again. Then take a look at your arp table (arp -a).

Then look up the MAC address vendor code on the IEEE list:

http://standards.ieee.org/regauth/oui/oui.txt

And find the one in the arp list of MAC addresses that matches.

For example, QLogic switches will pretty much always start with 00-C0-DD
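
The ARP-table lookup described in the comment above, as an added example that is not part of the original post or comments: a shell function (find_by_oui, a hypothetical name) that reads arp -a output, normalises each MAC address (macOS prints octets without leading zeros) and prints the entries whose vendor prefix matches. The sample ARP lines are constructed, reusing addresses quoted elsewhere on this page.

```shell
# Added example: filter `arp -a` output by vendor OUI (find_by_oui is a hypothetical helper).
# On a live machine, ping the broadcast address first, then: arp -a | find_by_oui 00-C0-DD
find_by_oui() {
    awk -v want="$1" '
    # Normalise a MAC or OUI: lower-case, ":" separators, two hex digits per octet.
    function norm(mac,    n, p, i, sep, pad, out) {
        mac = tolower(mac); gsub(/-/, ":", mac)
        n = split(mac, p, ":"); out = ""
        for (i = 1; i <= n; i++) {
            if (p[i] !~ /^[0-9a-f][0-9a-f]?$/) return ""
            sep = (i > 1) ? ":" : ""
            pad = (length(p[i]) == 1) ? "0" : ""
            out = out sep pad p[i]
        }
        return out
    }
    BEGIN {
        want = norm(want)
        if (split(want, t, ":") != 3) { bad = 1; exit 2 }   # an OUI is exactly 3 octets
    }
    {
        # Scan every field so macOS, Linux and Windows `arp -a` layouts all work.
        ip = ""; mac = ""
        for (i = 1; i <= NF; i++) {
            f = $i; gsub(/[()]/, "", f)
            if (f ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ip = f
            else if (split(norm(f), t, ":") == 6) mac = norm(f)
        }
        # "(incomplete)" entries leave mac empty and are skipped here.
        if (ip != "" && substr(mac, 1, 8) == want) { print ip, mac; found = 1 }
    }
    END { if (bad) exit 2; exit (found ? 0 : 1) }'
}

# Constructed sample in macOS `arp -a` format (not captured from a real network).
SAMPLE_ARP='? (10.0.0.200) at 0:f:b5:4d:77:2b on en0 ifscope [ethernet]
? (10.0.0.203) at 0:c0:dd:7:1c:e8 on en0 ifscope [ethernet]
? (10.0.0.204) at (incomplete) on en0 ifscope [ethernet]
? (10.0.0.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]'

printf '%s\n' "$SAMPLE_ARP" | find_by_oui 00-C0-DD   # prints: 10.0.0.203 00:c0:dd:07:1c:e8
```

The function exits 0 when at least one entry matches, 1 when none does, and 2 when the prefix given is not a three-octet OUI.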

matx's picture

nmap is my favorite way to discover what is where:

Host 10.0.0.200 appears to be up.
MAC Address: 00:0F:B5:4D:77:2B (Netgear)

Host 10.0.0.203 appears to be up.
MAC Address: 00:C0:DD:07:1C:E8 (QLogic)

Host 10.0.0.204 appears to be up.
MAC Address: 00:30:6E:F9:94:76 (Hewlett Packard)

Host 10.0.0.205 appears to be up.
MAC Address: 00:0D:93:01:E0:B9 (Apple Computer)

aaron's picture

Nmap is at http://insecure.org/nmap/. It is a
great app, but you don't always have it available...

---
Aaron Freimark
http://www.tekserve.com/vcard/af.vcf

Aaron Freimark
CTO, Tekserve

Rupert Watson's picture

The one you want is 224.0.0.1

It pings all-hosts. If you ping that group, all multicast capable hosts on the network should answer. So you don't even need to know the range to be in.

Even if you ping from 192.168.1.10, a 169.x.x.x IP addressed machine will answer; very handy for finding shy Servers waiting to be configured in Server Assistant.

seb's picture

The best way to retrieve an ip address from a device (raid chassis, fc switch, etc...) is to connect directly to it (not thru a switch) with a crossover cable and tcpdump your network interface.

On my laptop I use:

sudo tcpdump -i en0

Works even if you have no idea what the subnet might be.

Seb