tomtolkien
How can I find the IP address of a wireless router on my network?

I run a network at the school I work at. We have two wireless networks, one of which I didn't install. The one I did install is open access and works fine. The other one requires a WEP password, which no one seems to know. I don't know the IP address of the wireless router to change the settings to open access. Can anyone tell me how I might locate the IP address of the router on the network using the main server?

Thanks
ASKER CERTIFIED SOLUTION
pseudocyber

SOLUTION
tomtolkien

ASKER

Thanks - I know where it is in the school - I don't know if the installation cd is present. Is it possible to detect the IP address from the computer it's connected to?
Probably.  Put Ethereal on the computer it's connected to, or on a laptop or something.  Then, on the computer it's connected to, run Ethereal and you can probably see traffic from it with its IP address.  Or on a laptop, plug the AP into a hub and the laptop into the hub and do the same thing.
I agree with pseudocyber - consider it rogue, reset the config and rebuild from scratch if you really need it.

But if you *really* want in the box first, and you don't know the wired IP address of the WAP, simply do a network scan (again, like pseudocyber mentioned).  You can run nmap from Linux or from Windows and scan for IP addresses.  Given that you know the rest of the devices on your network, you should see the unknown device show up in the scan.

http://insecure.org/nmap/download.html

Once installed, at the command line (in the right path) simply enter the command:  nmap -v -sP network/CIDR > devices.txt

For instance, if your network is a Class C 192.168.1.0, the command would be:  nmap -v -sP 192.168.1.0/24 > devices.txt

Or if you don't understand CIDR and masking bits, rather than getting into an IP subnetting discussion, simply use the IP address range like this:  nmap -v -sP 192.168.1.1-255 > devices.txt

This will give you all the IP devices in the range you specify, along with their corresponding MAC address, and port the results to a text file named devices.txt.

Of course, then you'll need to figure out the admin password to the WAP.  Try the following:

* If you can use the last admin's workstation to login to the web interface, the credentials may be stored in his browser and filled in automatically for you  -- if you are logged in to the workstation as the account that he normally used....Admins love to store the keys to the kingdom on their workstation....  

* Check the admin's pc for password files, crack his workstation/domain passwords, dump his password cache from IE....

* Try all the common and silly passwords..."admin" is the login name on the Linksys and you can't change it, so here are a few I would try:
admin
linksys
cisco
default
wrv54g
gobucks (if the admin was from Ohio)
password
letmepass
letmein
secret
variations of "router" and "firewall"
goaway
secret

* Depending on how current the firmware is, you might be able to use a command injection to dump the config so it can be recreated, but likely it would have to be very old, though I have not tried that in a while... search opendisclosure list for the details on the vuln...

* Run Hydra against the login with a decent dictionary file and substitution list. The nice thing about it is if this is a Linksys (the most common WAP for home/schools/etc. right now) there is no lockout on it. The session dies, if I recall, after a few attempts, but Hydra will handle that. (You might be able to do it with Brutus, but Hydra will be faster and more easily configured for complexity.)

* Last ditch - reset to factory defaults

Hope some of this helps and good luck!
- Bruce
rindi
Most access points can be reset by pressing a button at the back or bottom of it for a few seconds; sometimes you need to remove the power while doing that. After that it won't have any security applied and you'll be able to configure it by accessing it through your web browser. Normally you can download the manual from the manufacturer's site, which tells you its default values after such a factory reset.
On a PC that is connected to the wireless, open a command prompt (Start > Run > type cmd and click OK). In the command prompt enter "ipconfig" (without speech marks). The gateway address listed will be your wireless router.
failing that run an ip scan - http://www.angryziber.com/ipscan/
ignore any results that come back with a PC name or login name, and put any other address into a web browser, you will eventually get to your wireless router
mrroonie - Your first solution would only provide the wireless gateway, which by default would not provide him admin access.  

tomtolkien - Network IP scanning has been mentioned as well as packet scanning to determine the inside (wired) IP address of the device. You can use any of the steps already mentioned to determine the IP address.  To re-enforce what pseudocyber stated, the quickest way to determine the IP address without having to go through the entire network (like how I proposed it - doh!), is to simply connect the WAP directly to a box with a static IP from your network (or through a hub with just your two devices attached) with an IP scanner installed (nmap, superscan, ipscan, batch file with an incremental ping, whatever your choice is) and do an IP scan.  Assuming the WAP provided access to the same network/IP subnet as your current environment, you'll see the IP address pop up in your scan - it will be the only other machine connected to you.  Then you can try the default password (admin), common passwords or a password cracking tool (I recommend Hydra - ask me for details if you get this far and need step-by-step instructions) to login.

If the WAP IP address isn't immediately found doing this, then the WAP is probably not on the same network.  You'll then need to use a packet sniffer to determine the IP address.  Like pseudocyber I highly recommend Wireshark (Ethereal was its original name for years, but you'll find it as Wireshark now).  Hopefully the WAP is noisy enough that it will broadcast out some packets so you'll see its IP address.

Hope this helps clarify what we're all saying!
- Bruce
In my point of view it is easiest to reset the AP to factory defaults, as no one remembers the WEP password of the other AP. A factory reset will disable that password and then you can properly configure it. Without having the password there is not much point in knowing its IP, except if you are also prepared to run WEP cracking software...
Go with rindi's advice and reset the router.  It's the simplest way to get access to the device and then you can set it up exactly how you need to.

jocasio
brucewestbrook >>mrroonie - Your first solution would only provide the wireless gateway, which by default would not provide him admin access

- he only asked how to find the IP, this is the quickest, least complicated way.

i'd just go with everyone on here and reset it, it's going to be a nightmare to get the existing password
mrroonie - not trying to nitpick, but he did ask "...I don't know the IP address of the wireless router to change the settings to open access..."  I was simply pointing out that by default obtaining the WAP's wireless side IP address won't meet his need as he won't be able to admin the box from the wireless side.

tomtolkien - like mroonie, myself and everyone else have already pointed out, unless there's some overwhelming reason for you to obtain the configuration information intact, the simplest solution would be to simply reset the router and reconfigure it.  10 minutes later and you'll be done.
Ditto on Netstumbler from Renill.  
Netstumbler will tell you signal strength, IP address, brand, MAC address and all sorts of other stuff about APs.

It is extremely easy to use (assuming it supports your wireless card)

netstumbler.com
bruce - soz mate, i was just going on the header of the thread, when you said that i actually read the rest of it
There are several ways to figure this out.  If you scan the subnet and get the MACs... you know where it is, therefore you know the brand name of the AP.  Go to http://coffer.com and enter the brand name... it will give you the first part of the MAC.  Match it up to your scan... put the IP into a browser "http://x.x.x.x"; if it comes up then that is it.  

Best to set back to default and it will grab a dhcp address... go to your dhcp list and pick it out.  It will be listed on that subnet under the default brand name... etc.
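The two scanning approaches above (Bruce's nmap ping sweep written to devices.txt, and matching the MAC's vendor prefix against a brand) can be combined into a small rogue-device check. The following is an added example and not code posted in this thread: it parses the text form of an nmap ping sweep, fills in the vendor from an abbreviated OUI table when nmap did not print one, and flags every host whose MAC is not in the admin's own asset list. The scan output, the OUI table and the asset inventory are all constructed sample data; the report-line format assumed is the "Nmap scan report for ..." form that current nmap prints (`-sP` is the old spelling of `-sn`).

```python
import re

# Constructed sample output of `nmap -v -sP 192.168.1.0/24` (not a real scan).
# nmap only prints a MAC Address line when it runs with privileges on the same
# layer-2 segment as the target, so the last host deliberately has none.
SAMPLE_SCAN = """\
Nmap scan report for fileserver.school.local (192.168.1.1)
Host is up (0.0010s latency).
MAC Address: 00:0C:29:11:22:33 (VMware)
Nmap scan report for 192.168.1.20
Host is up (0.0021s latency).
MAC Address: 00:14:BF:44:55:66 (Unknown)
Nmap scan report for 192.168.1.50
Host is up (0.0030s latency).
MAC Address: 00:1B:21:77:88:99 (Intel)
Nmap scan report for 192.168.1.77
Host is up (0.0015s latency).
"""

# Abbreviated OUI table (first three octets -> vendor); assumed for this example,
# a real deployment would load the full IEEE OUI list.
OUI_VENDORS = {
    "00:0C:29": "VMware",
    "00:14:BF": "Cisco-Linksys",
    "00:1B:21": "Intel",
}

# Constructed asset inventory: MACs the admin already knows and has documented.
KNOWN_ASSETS = {"00:0C:29:11:22:33", "00:1B:21:77:88:99"}

# Matches both "Nmap scan report for 10.0.0.1" and "... for host.name (10.0.0.1)".
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})(?: \((.*)\))?")


def parse_ping_sweep(text):
    """Turn nmap's host-discovery text output into a list of host dicts."""
    hosts = []
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {"ip": m.group(1), "mac": None, "vendor": None}
            hosts.append(current)
            continue
        m = MAC_RE.match(line)
        if m and current is not None:
            current["mac"] = m.group(1).upper()
            vendor = m.group(2)
            # nmap prints "(Unknown)" when its own table has no entry.
            current["vendor"] = None if vendor in (None, "Unknown") else vendor
    return hosts


def classify_hosts(hosts, known_macs, oui_table):
    """Label each host as known, unknown, or no-mac (not reachable at layer 2)."""
    findings = []
    for h in hosts:
        mac = h["mac"]
        if mac is None:
            # No MAC means the reply came through a router: the device is not
            # on this segment, so a sniffer (as suggested above) is the next step.
            status, vendor = "no-mac", None
        else:
            vendor = h["vendor"] or oui_table.get(mac[:8], "unknown")
            status = "known" if mac in known_macs else "unknown"
        findings.append({"ip": h["ip"], "mac": mac, "vendor": vendor, "status": status})
    return findings


def unknown_hosts(text, known_macs=KNOWN_ASSETS, oui_table=OUI_VENDORS):
    """Return only the hosts that are not in the asset inventory."""
    return [f for f in classify_hosts(parse_ping_sweep(text), known_macs, oui_table)
            if f["status"] != "known"]


if __name__ == "__main__":
    # With a real devices.txt: unknown_hosts(open("devices.txt").read())
    for f in unknown_hosts(SAMPLE_SCAN):
        print(f"{f['ip']:15} {f['mac'] or '-':17} {f['vendor'] or '-':14} {f['status']}")
```

On the sample data the unlabelled Linksys-prefixed host at 192.168.1.20 is the candidate for the undocumented access point, while 192.168.1.77 is reported as no-mac, i.e. answered from behind a router and needs the packet-capture approach instead of a scan. Keeping the inventory as a set of MACs rather than IPs matters here because a factory-reset AP will come back on a new DHCP address but keep its MAC.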
Thanks.  Netstumbler didn't get the IP - but it was very useful as a utility. Thanks for the info.

In the end I got the key from the previous admin. But it turned out the wireless router was used to feed the internet to the main server - so I decided not to make it open access.

Anyway - thanks for all the suggestions.