Solved

How to discover the IP address of a wireless access point without looking at the DHCP client list

Posted on 2009-05-15
11
1,441 Views
Last Modified: 2012-05-07
I need to discover the IP addresses of a few Cisco 1300 access points in order to login to them and configure them.  Does anyone have any suggestions?  They are mounted pretty high so getting to them would be a pain in the A**!
0
Comment
Question by:JJMarquart
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 3

Expert Comment

by:cwalter9
Comment Utility
Do you have access to any other cisco device on the same network?

You can use cdp (Cisco Discovery Protocol) to find some info about each one and hopefully which switch port it is on.

You can then use the mac address table and arp entries on the switch/router to find the IP address.

Let me know if you have access to a cisco device on the network already. If not we can look at using nmap (Network Mapper) to find them.
0
 
LVL 8

Expert Comment

by:inbox788
Comment Utility
You are a network administrator and not hacking, right?

You could try a sniffer like

http://www.kismetwireless.net/screenshot.shtml

or

http://www.stumbler.net/readme/readme_0_4_0.html

0
 

Author Comment

by:JJMarquart
Comment Utility
I looking to be the new admin.  They want to replace the old one.  They want to know if I can manage their network.  Which I'm pretty sure I can.  One thing I am iffy about is they have a SBS server that is involved somehow with the wireless possibly for RAIDUS authentaction but you don't have to enter a logon to get on the network.  They also have a nomadix gateway too.

I use netsumbler all the time but never saw the IP of the AP just the AP and SSID.  Am I missing something? I don't work with Linux so not sure about Kismet, unless they have a windows app I'm not aware of.

Thanks for the feedback!
0
 
LVL 3

Expert Comment

by:cwalter9
Comment Utility
I was assuming you have the credentials to login to them correct? Otherwise, you are going to need to scissor lift on up there. I know it isn't fun trust me, I have had to do it a few times.
0
 
LVL 3

Expert Comment

by:cwalter9
Comment Utility
Do you have the username and password to login to the Cisco devices when we do find them? If not then we need to gain physical access to the devices. Knowing the IP address will not do much more than get you a login prompt that you can't do anything with or a web interface asking for the same. Since you are taking over a Cisco network I'm assuming you know the Cisco IOS?
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:JJMarquart
Comment Utility
there is a 24 port managed Cisco switch but I don't have access to it at the moment.
0
 

Author Comment

by:JJMarquart
Comment Utility
I was hoping for the default UN and PW to work.  If not I told them they would need to get that info from the current admin.
0
 
LVL 8

Expert Comment

by:inbox788
Comment Utility
I thought Netsumbler showed IPs, but maybe it doesn't. Looks like Ethereal does:

http://zedomax.com/image/200702/ethereal.jpg

http://www.ethereal.com/
0
 
LVL 3

Accepted Solution

by:
cwalter9 earned 250 total points
Comment Utility
If you can get on the Cisco switch you can do:

sh cdp neighbors

It will list each Cisco device on it and the port which it is connected to. It will also provide it's hostname if set, the type of device it is, if there are other switches on the network this would help you find those also.

Lets say that it told you that one of the APs was on port Gig3/36 then you can do:

#sh mac-address-table | inc 3/36
   1    0011.85d7.facc   dynamic ip                    GigabitEthernet3/36

Now you have the mac you can do:

sh arp | inc facc

Which will give you the IP address.

You could also download and bootup a Knoppix CD and use nmap to map the network.
0
 
LVL 14

Assisted Solution

by:Roachy1979
Roachy1979 earned 250 total points
Comment Utility
Nmap with OS detection will do it.  It'll certainly give you mac, ip and IOS version.

Got to www.insecure.org, download and install nmap and then run

Nmap -sS -sV -O 192.168.1.0/24

Against your ip range.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
You could try Softperfects Network Scanner (which is FREE) from http://www.download3k.com/Install-SoftPerfect-Network-Scanner.html.

We have used this to discover IP Addresses on networks when we don't know what we are looking for IP Address wise.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now