Find out what a device IP is based off MAC?

[TechieSooner]

So a network device I've got has been moved to a new network on a new location.

Because of this reason all the arp caches are worthless.

So how on earth do I find out what the IP of this device is? Anyone?

All I've got is the MAC. (Yea I realize I could reset it however I also lack a manual that tells me what the default IP is- so I still wouldn't have a clue what the IP address would be).

 

[XOR != OR]

Assign a static ARP entry to it. Then you can use whatever protocol ( http, telnet ) to connect up and figure out the rest.

 

[Mohavis]

if you know the ip range of the building it came from you could throw another box on the same vlan in the same wrong subnet and use angry ip and scan the whole thing.

 

[Vito_Corleone]

ping/scan everything on the subnet, then look at your ARP table and find the MAC

 

[XOR != OR]

ping/scan everything on the subnet, then look at your ARP table and find the MAC

Ping the broadcast address you mean. Won't work though, if the device isn't configured with a local subnet IP.

 

[gimp]

check the list of leases on the DHCP server and find matching MAC address?

since you "don't know the IP" I assume it's setup as a DHCP device?

 

[TechieSooner]

ping/scan everything on the subnet, then look at your ARP table and find the MAC

Can't do that cuz I have no idea the original IP configuration...

if you know the ip range of the building it came from you could throw another box on the same vlan in the same wrong subnet and use angry ip and scan the whole thing.

Same as above.

Assign a static ARP entry to it. Then you can use whatever protocol ( http, telnet ) to connect up and figure out the rest.

That seems so stupidly simple- I didn't think about that.

I tried it and it didn't work. Is this because both the machine I'm assigning the ARP entry to and the device itself is between a switch (Thus the switch is doing it's thing and routing it to the "proper" address?)

My problem is I'm trying to do this remote. I'd connect them together with a crossover cable but I can't do that remotely.

check the list of leases on the DHCP server and find matching MAC address?

It's statically assigned... If it was DHCP I wouldn't have a problem at all

 

[gimp]

It's statically assigned... If it was DHCP I wouldn't have a problem at all

ahhhh, you never knew the IP address.

well okay then lol.

 

[Vito_Corleone]

Ping the broadcast address you mean. Won't work though, if the device isn't configured with a local subnet IP.

I don't mean pinging the broadcast as most systems won't respond to it. I was talking about nmaping the /24 or using angry IP scanner or something similar.

Didn't get the different subnet part. Google for a manual and find the default IP, then reset it.

 

[keenan]

I tried it and it didn't work. Is this because both the machine I'm assigning the ARP entry to and the device itself is between a switch (Thus the switch is doing it's thing and routing it to the "proper" address?)

Normal switches work with layer 2 (MAC) addresses, they don't deal with IPs at all, so that's not it. More likely is that the device isn't responding to the traffic sent to it with the wrong IP...

What I normally do is just scan the RFC1918 blocks from smallest to largest, assuming it had an internal address. Even the /8 doesn't take long to arp scan.

If that fails either sniff for traffic it might be sending on the wire (CDP, LLDP, keepalives or whatever) which might contain its IP address. Most devices will generate some traffic, at least while they boot up.

Failing all that, just reset it to defaults. It's probably not worth the trouble...

 

[TechieSooner]

Didn't get the different subnet part. Google for a manual and find the default IP, then reset it.

Can't do that... Very proprietry piece of equipment and nothing exists online.

As such I really can't just reset this like a Linksys router or I could've done that a long time ago.

I also think it might reset itself to having "No" IP... In which case I'd be totally screwed since I can't really remotely hookup a RS232 connection.

 

[Vito_Corleone]

It's got a console?! Have someone connect to the console for you!

 

[Lightworker]

I would check the arp cache on the routing device for that network segment. That of course, will only work if the router has sent or received frames to this device.

I don't know what kind of gear you're running but with Cisco gear it would go like this:

Router#show ip arp [mac]

 

[keenan]

It has a console port and you're trying to figure out its forgotten IP? What's wrong with you man!

 

[TechieSooner]

I would check the arp cache on the routing device for that network segment. That of course, will only work if the router has sent or received frames to this device.

I don't know what kind of gear you're running but with Cisco gear it would go like this:

Router#show ip arp [mac]

The router is a Dlink and the switch is a Linksys (Small office) so yea... Nothing doing on that.

It has a console port and you're trying to figure out its forgotten IP? What's wrong with you man!

I'm remote

 

[XOR != OR]

That seems so stupidly simple- I didn't think about that.

I tried it and it didn't work. Is this because both the machine I'm assigning the ARP entry to and the device itself is between a switch (Thus the switch is doing it's thing and routing it to the "proper" address?)

My problem is I'm trying to do this remote. I'd connect them together with a crossover cable but I can't do that remotely.

No, a switch just looks at the ARP headers ( typically ), so it shouldn't be doing any filtering. If the ARP trick isn't working, either the device itself is doing sanity checks on the packets coming in to it, or ( more likely ) there is a hardware fault.

 

[PTNL]

Since you're offsite, how about running an app in that environment to handle the data gathering? While it may be overkill for this specific question, I think Spiceworks would give you the info needed.

 

[TechieSooner]

Since you're offsite, how about running an app in that environment to handle the data gathering? While it may be overkill for this specific question, I think Spiceworks would give you the info needed.

I think that just scans what's on my subnet, doesn't it???

 

[PTNL]

I think that just scans what's on my subnet, doesn't it???

It scans the network where it is installed. Install it to the remote (new) site's network, and let it star gathering and aggregating data.

It may not provide an immediate turnaround for this problem, but is another approach to have running in the background in case you can't find a quicker solution from the rest of this thread. Just trying to offer a fallback option

 

[Vito_Corleone]

I'm remote

Have someone who ISN'T remote plug into the console, then use RDP/Netmeeting/Logmein/etc to get access to the console.

 

[TechieSooner]

It scans the network where it is installed. Install it to the remote (new) site's network, and let it star gathering and aggregating data.

It may not provide an immediate turnaround for this problem, but is another approach to have running in the background in case you can't find a quicker solution from the rest of this thread. Just trying to offer a fallback option

You have to put in ranges... You think just scan anything in 10.0.0.1-10.254.254.254 and 192.168.0.1-192.168.254.254?

Have someone who ISN'T remote plug into the console, then use RDP/Netmeeting/Logmein/etc to get access to the console.

Nobody there has that equipment to do that or I would've had them do that.

 

[PTNL]

You have to put in ranges... You think just scan anything in 10.0.0.1-10.254.254.254 and 192.168.0.1-192.168.254.254?

No, but wouldn't you be able to narrow that possible list given your knowledge of the range(s) used at both locations?

 

[TechieSooner]

No, but wouldn't you be able to narrow that possible list given your knowledge of the range(s) used at both locations?

I don't know squat about the old network except the old printer (Another device) IP address was 10.0.1.something

And I did a scan on 10.0.1.1-10.0.254.254 and came up empty

 

[keenan]

Sounds like the chances of it responding to anything are becoming slim. I'd just bite the bullet and have someone move it to a place there's a serial port or go there yourself.

 

[TechieSooner]

Sounds like the chances of it responding to anything are becoming slim. I'd just bite the bullet and have someone move it to a place there's a serial port or go there yourself.

12 hours away

I'm thinking I'm going to have to have someone use a serial cable as well.

 

[Mohavis]

i it possible it may be a deivice that sends out any kind of broadcast traffic? Maybe a long shot, but you could just throw up wireshark on a device in the same vlan and see if you see any broadcast traffic from an IP you wouldn't expect to see there.

before driving 12 hours though i'd have someone go in there and pull it out of the rack and ship it overnight to me and turn around and ship it back.

 

[TechieSooner]

Nah...

It's more or less kindof an IP interface to analog devices... All it does is route that traffic out through the gateway so it can get online and to the server.

The device itself is still working fine- it's just I've got to get into it to change the IP parameters to the new network...

I hadn't thought about the over-nighting thing. I'll have to do that.