Solved

Can I retrieve an old IP address

Posted on 2009-05-19
Last Modified: 2016-07-06
Folks,
A PC with a failed hard drive arrived on my desk yesterday. I got the info from the hard drive itself, but as my company uses STATIC IP addresses, is there any other way of retrieving the IP address from a file? I have heard something that you can retrieve the IP address from the C:\windows\system32\config\system file. How can I open this file, if it is possible at all?
Question by:Daithi_Mc
12 Comments
 

Expert Comment

by:martin2123
Hi

Does your company use a DHCP at all, either in a router or server? If so, you could look up the PC's IP address there.
1
 
LVL 68

Accepted Solution

by:
Qlemo earned 250 total points
  • Start regedit
  • select HKEY_LOCAL_MACHINE
  • In menu, select Load
  • choose that system file
  • enter an arbitrary name for the imported registry
  • browse the new key to System\ControlSet001\Services\Tcpip\Interfaces
There are subkeys for each virtual or physical network interface; just visit them all, and look for the value of IPAddress
0
 
LVL 26

Assisted Solution

by:akahan
akahan earned 250 total points
That's an interesting problem.  Here's what might work; I've just sort of made it up, though, never tried it.

What you need to do is access the registry from the old machine.  The registry on the old machine was stored in c:\windows\system32\config .   There are several files in that directory, combined, that make up the registry.

Since you've recovered those files, I presume they're in a directory somewhere that you can access.  Perhaps they're on a drive you've attached to your machine as a USB drive?  For purposes of this example, let's call that directory  F:\recovered\config

On your machine, get a command prompt, and type regedit.  The registry editor will come up, but it will be showing your ACTUAL registry, not the recovered registry.

In the registry, Navigate to HKEY_LOCAL_MACHINE , and click on that, so it's highlighted in blue.
Then, choose File (from the menu up top) and "Load Hive".  In the Windows Explorer Box, navigate to the directory f:\recovered\config (or wherever the other drive's c:\windows\system32\config file is), and select the file called "system".  Note that there may also be files in there called system.bak, system.LOG1, etc.  You don't want those; you want system.

This will HOPEFULLY load the registry hive of the other machine for viewing and editing.  Now, navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Under that key, in the window on the left side, possibly after several .NET related entries, you'll see one or more entries that start with a curly brace ({), have a random-looking series of letters and numbers with a few hyphens, and then a right curly brace. Each of these corresponds to one of the network interfaces on the old machine. (There may be just one or two if you're lucky). Under each of these, there's a subkey labeled Parameters, and under Parameters, there's another one labeled Tcpip. Under each, click on Tcpip, and, on the right hand side of the screen, look at "IPAddress" to see the IP address that was associated with that network interface. One of those (the one that looks like a plausible IP address on your network) will be the one you're looking for.

VERY IMPORTANT: When done, go back to the "File" menu, and pick "Unload Hive".



0
 
LVL 68

Expert Comment

by:Qlemo
Sorry? That's what I wrote, in more verbose form.
0
 
LVL 26

Expert Comment

by:akahan
We were typing at the same time.  The OP might have had trouble with your solution because the registry key provided in it is incorrect.
0
 
LVL 68

Expert Comment

by:Qlemo
Interesting. Your post is 23 minutes past mine. This is not "at the same time", you just didn't refresh the post after that long time (which you should do after some minutes, somebody could have posted already).

And there is no "CurrentControlSet" in a loaded hive. It is a virtual branch created by the OS, and only for the HKLM hive in charge, not the loaded one. ControlSetXXX with XXX = 000 ... are the valid ones.
Now, what is wrong with mine?

0
 
LVL 26

Expert Comment

by:akahan
We were typing at the same time, I just took a lot longer.  :)

Good point re CurrentControlSet.  

At least on my XP system, there's no System\ControlSet001\Services\Tcpip\Interfaces

Rather, it's

...  tcpip\PARAMETERS\interfaces   Is yours different?
0
 
LVL 68

Expert Comment

by:Qlemo
Yes, I had a look at an XP registry (extracted from a restore point snapshot folder), and followed the path I described, and everything was there. A ControlSet001 should always be there, but I have seen registries where it has been purged, maybe by LastKnownGood. Some software relies on ControlSet001 to be here, mostly for shareware/demo timespan limitations ;-)

0
 
LVL 68

Expert Comment

by:Qlemo
Sorry, misread your post. Your path is correct. I forgot to insert the Parameters key.
0
 
LVL 26

Expert Comment

by:akahan
I think between the two of us, he has the information he needs.  I have no objection to splitting credit, or any other disposition deemed appropriate here.  (It takes a long time to type when you're as verbose as I am.)    :-)


0
 
LVL 68

Expert Comment

by:Qlemo
Agreed. I will request attention to let an admin take care of it.
0
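
The procedure the thread converges on (load the recovered `system` file as a hive, then read `IPAddress` under `ControlSet00x\Services\Tcpip\Parameters\Interfaces`), scripted in PowerShell as an added example that is not from any of the posters. The hive path `F:\recovered\config\system` is the illustrative one used above, the mount name `Recovered` is arbitrary, and reading `Select\Current` to pick the control set is an addition beyond what the posts describe.

```powershell
# Added example. Assumptions: hive path and mount name below are illustrative.
$HivePath  = 'F:\recovered\config\system'   # recovered copy of the old PC's SYSTEM hive
$MountName = 'Recovered'                    # arbitrary key name under HKLM

# Same as regedit's File > Load Hive with HKEY_LOCAL_MACHINE selected.
& reg.exe load "HKLM\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HivePath" }

try {
    # A loaded hive has no CurrentControlSet (it is a virtual link made by the
    # running OS). Select\Current holds the number of the set that was in use.
    $select     = Get-ItemProperty -Path "HKLM:\$MountName\Select"
    $controlSet = 'ControlSet{0:D3}' -f $select.Current
    $ifRoot     = "HKLM:\$MountName\$controlSet\Services\Tcpip\Parameters\Interfaces"

    # One subkey per network interface, named by its {GUID}.
    $results = foreach ($key in Get-ChildItem -Path $ifRoot) {
        $p = Get-ItemProperty -Path $key.PSPath
        [pscustomobject]@{
            Interface      = $key.PSChildName
            ControlSet     = $controlSet
            DHCP           = [bool]$p.EnableDHCP
            IPAddress      = ($p.IPAddress      -join ', ')   # REG_MULTI_SZ
            SubnetMask     = ($p.SubnetMask     -join ', ')
            DefaultGateway = ($p.DefaultGateway -join ', ')
            DhcpIPAddress  = $p.DhcpIPAddress
        }
    }
    $results | Format-Table -AutoSize
}
finally {
    # The registry provider keeps key handles open until they are collected;
    # without this, reg unload can fail with "Access is denied".
    Remove-Variable select, key, p -ErrorAction SilentlyContinue
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()

    # Same as regedit's File > Unload Hive.
    & reg.exe unload "HKLM\$MountName" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Hive HKLM\$MountName is still loaded" }
}
```

Run it from an elevated prompt against a copy of the recovered file, since a loaded hive is opened for writing. On an interface that was configured for DHCP, `IPAddress` reads `0.0.0.0` and the last lease is in `DhcpIPAddress`.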
