1

I need help about the following

I have very old Linux server with one IP address, unfortunately I can’t to access to Linux machine VIA console and I not remember the IP address So I now thinking about way that I could to verify this IP address I don’t sure not it works but maybe by sniffer I can check the server IP ? For example

  1. Download sniffer on my laptop
  2. Connect the laptop network to the linux machine VIA LAN cross cable

  3. And try to run the sniffer in order to recognize the IP address from ETH0 ( Linux machines )

    Please advice if that option could works ?

Or if not please advice about the other option ?

I also thinking also about the option to build VB script that scan the IP's from 1.1.1.1 to 255.255.255.255 - but this option is very difficult ( I don’t know if somewhere already has this tool ? )

yael
  • 23
  • 3

5 Answers5

2

Switch off the old server.

Take its hard drive.

Connect it on another machine.

Mount it.

Go to /mnt/etc/network/interfaces (or the appropiate place for the distro, after /mnt) and look for the configuration.

Envite
  • 368
  • 2
  • 14
1

You dont mention the OS on your laptop so Im assuming windows.

You need nmap for windows: http://nmap.org/book/inst-windows.html

And then run the following command:

nmap -sP 1.1.1.0/24

Assuming you are on a /24 network.

This will tell you what IPs are active on the 1.1.1.0/24 network.

GeoSword
  • 1,657
  • 12
  • 16
  • I infer from the question that the OP has no idea what network the address might be on. – MadHatter Nov 20 '13 at 16:34
  • It'd work but be quite slow if he had to search through thousands of addresses. If he remembers it was on a private IP range though it may work just fine. – hookenz Nov 21 '13 at 01:49
1

Connect the laptop and the linux server to an isolated switch (or use a crossover cable like you suggested).

Run wireshark or another packet capture program.

Turn on the server.

If the server had ANY kind of services configured you should see some packets get squirted out as the box comes up. You'll be able to see the IP from the source header.

jlehtinen
  • 1,958
  • 2
  • 13
  • 15
0

Write a small script/batch which pings all IP addresses (Assuming 10.10.10.0/24):

On Windows: for /L %i IN (1,1,255) DO @(ping -n 1 10.10.10.%i | findstr Answer

on Linux: for x in seq 1 254; do ping -c1 10.10.10.$x | grep -i from; done

If you do not want to scan the network and the targeted machine is doing network traffic to other subnets you can list all ARP-Entries on it's gateway (arp -a if you are using Linux on the gateway). This way you should get a list for all MAC<->IP Adresses doing network traffic over this gateway. This is my favorite if I have access to the gateway and if it's manageable - its fast, shows even machines not reacting on ping and doesn't do any traffic / firewallhits etc...

unconfigured
  • 1
  • 1
0

if the box in question is blocking incoming non-established icmp and tcp (ie. its a firewall), you may be able to just plug it into box #2, run iptables on box #2, and go to lunch. theres a chance box #1 may try to connect with its preconfigured vpn peer or something....

EDIT: or if you are sure its running sshd on tcp/22, do a

for ip in {1..254}; do nmap -p 22 1.1.1.$ip; done

nandoP
  • 2,021
  • 14
  • 15