[clue-tech] find a lost wireless router?
skipworthy
skipworthy at realivetech.com
Fri Jun 3 16:20:38 MDT 2005
Thanks for all the suggestions...most of them I already tried...
I tried Jim's idea, and that is pretty useful and cool...couldn't find
my WAP that way ( the mac didnt show up in arp, but there are a number
of 'anonymous' entries there)
I didn't have a chance to attach to it physically because that would
require taking it out of service, and that would interrupt work, which
is a no-no in this case...so I'll try it over the weekend, I guess.
thanks again
G
Jim Ockers wrote:
>Hi Glen,
>
>Interesting question.
>
>
>
>>I have a (linksys ) WAP/router on my network that I can't find
>>topologically...I know where it is (its plugged into a hub) physically,
>>but I can't get to the administrative page to secure it. ( noone seems
>>to know the IP address or anything) It doesn't show up in DNS as
>>'linksys' or anything similar, and I don't have any unaccounted for
>>names as far as I can tell...
>>
>>
>
>If you can find it physically, then do this:
>
>1. Disconnect it from your LAN.
>2. Connect a laptop to it, get an IP address with DHCP.
>3. The Linksys router should give out a DHCP lease with its own IP address as the
>"router" (default gateway).
>4. Examine your laptop's routing table and identify the default
>gateway. You should be able to connect to the default gateway IP
>address using a web browser, and that should get you the WAP/router
>administration page.
>
>If you can't find it physically, there are also options. (See below.)
>
>
>
>>am I thinking too hard? could this be operating just as a hub and not
>>have an ip address or managing interface of its own?
>>
>>and, as a corollary question...what if I did have the mac address...is
>>there an easy way to resolve that to an IP ?
>>
>>
>
>If you have the MAC address AND you have ethernet switches which
>maintain a MAC address and IP address tables, you can examine the
>switch tables to see if the switches have noticed any IP traffic
>from that MAC address. We have HP4000M procurve switches which do
>maintain this kind of table.
>
>If you don't have a managed switch then you can use nmap to do
>ping sweeps of all possible IP addresses, and see if you get any
>replies from the MAC address you seek. Suppose everything on your
>internal network has a 192.168.1.x IP address. You can do a ping
>sweep as follows:
>
>nmap -sP 192.168.1.0/24
>
>Nmap will try to ping in sequence all IP addresses in that block,
>with one ping. You will get replies from every "normal" thing on
>the network. If something on the network is blocking pings due to
>a firewall setting then you won't find it. Similarly if something
>on the network is set to NOARP then you won't find it either.
>
>If your Linksys device will respond to pings and its ARP is working
>properly, then you'll find it if you ping it.
>
>By "find" I mean you will have to examine the /proc/net/arp table
>to search for the MAC address you seek. (The arp -an command will
>also enumerate entries from the ARP cache.) Bear in mind ARP
>cache entries expire quickly (a few seconds usually) so you should
>be constantly watching your ARP cache as you ping sweep.
>
>If you aren't sure of the IP address that your device has, you can
>try a huge ping sweep of the entire internet, but that could take a
>long time. Also I recommend disconnecting your network from the
>internet while you are doing any nmap scans of your own network.
>
>Hope this helps,
>Jim
>
>P.S. If you can't find the wireless accesspoint physically you can find
>it with a spectrum analyzer or an 802.11 client running a sniffer
>like kismet. You should use a highly directional antenna. We have
>used a 14 dBi parabolic grid (handheld) antenna and a laptop running
>kismet with the "graphical" signal strength meter to find unauthorized
>wireless devices. The directionality of the antenna can allow you to
>zero right in on the antenna of the transmitting device, once you learn
>how to use it and interpret the signal strength information.
>
>
>
More information about the clue-tech
mailing list