How to get an IP

Configuration and operational information about stumbled APs

Post by shadow » Thu Apr 18, 2002 10:04 am

Once the AP has been scanned and detected, what is the best way to discover what network the AP is on?

Thank you in advance.

Shadow
Shadow
shadow
Mini Stumbler
 
Posts: 10
Joined: Sun Apr 14, 2002 10:31 am
Location: St. Pete - FL

Post by Kash » Thu Apr 18, 2002 10:25 am

Use the Search Function :)
Kash
 

Use tracert

Post by pforkes » Thu Apr 18, 2002 7:43 pm

Under Windows, bring up a DOS box and type:

tracert cnn.com

(I'm using cnn.com as an example here).

You'll see the path to get to the destination and should be able to figure out where it is going.

peter
pforkes
Mini Stumbler
 
Posts: 25
Joined: Sun Apr 14, 2002 4:25 pm
Location: Santa Cruz, CA

Which ISP ?

Post by QuienEs » Sat Apr 20, 2002 7:52 pm

If you browse to:

http://www.ipchicken.com/

you get a cool, colorful display of "your" IP addie.
QuienEs
Mini Stumbler
 
Posts: 58
Joined: Thu Apr 18, 2002 6:42 pm
Location: New Jersey

Let me clarify..

Post by shadow » Sun Apr 21, 2002 5:45 am

If one is out "wardriving" and comes across a WAP... how do I know if the WAP is on a 192.x.x.x network or a 10.x.x.x network? or anything in between..?? The only way to gain access to their WAP for the purpose of using their resources is to know which IP schema they are using. At this point in my knowledge the only way I know to do it is to scan all ranges of IP ... but that would take a very long time. If there is a feature in Netstumbler that will actually ID the IP address of the WAP, then I must have missed it.

Any advice greatly appreciated!
Thanks
Shadow
Shadow
shadow
Mini Stumbler
 
Posts: 10
Joined: Sun Apr 14, 2002 10:31 am
Location: St. Pete - FL

Post by QuienEs » Sun Apr 21, 2002 7:26 am

"If one is out "wardriving" and comes across a WAP... how do I know if the WAP is on a 192.x.x.x network or a 10.x.x.x network? "

RUN WINIPCFG.
Select your wireless NIC, then click "More Info". That works for me.

Cheers, QE
QuienEs
Mini Stumbler
 
Posts: 58
Joined: Thu Apr 18, 2002 6:42 pm
Location: New Jersey

Re: Which ISP ?

Post by fordem » Sun Apr 21, 2002 9:32 am

Originally posted by QuienEs
If you browse to:

http://www.ipchicken.com/

you get a cool, colorful display of "your" IP addie.


I tried that - came back and said I was at 208.153.97.x - actual address was 208.169.230.x - which is some sort of cache server at my ISP.
fordem
 
Posts: 575
Joined: Sat Apr 13, 2002 11:37 am

Post by Cixelsid » Sun Apr 21, 2002 9:55 am

The simplest way is to run ipconfig, it will give you a lot of info. You can also run a sniffer and it will give you loads of info also.
CiXeLSiD
Cixelsid
 
Posts: 41
Joined: Sat Apr 13, 2002 1:07 pm
Location: NJ

Post by shadow » Sun Apr 21, 2002 11:28 am

>>Snip>> RUN WINIPCFG. Select your wireless NIC, then click "More Info". That works for me. <<end<<

This will only tell me what my IP address is for my card currently. I would need to change this IP to the one that I found while "wardriving" on the unsuspecting WAP.... That way I would have access to their resources i.e. Internet, drive shares, files, printers, etc... If my card has an IP of 192.100.50.10 and the "wardriving" WAP resource has an IP of 10.1.1.10 then I would never be able to access their resources as I am not on the same network. If I gave my NIC an address of 10.1.1.20, then I would be on the same network thus allowing me access to resources. The problem is how to find what network the WAP is on... mind you that in the example above I made up the 10.1.1.10 ... in the real world how would I find it short of scanning every available address in all class A, B, & C networks?

Anyone? Ideas?
Shadow
shadow
Mini Stumbler
 
Posts: 10
Joined: Sun Apr 14, 2002 10:31 am
Location: St. Pete - FL

Determining IP

Post by nirosys » Sun Apr 21, 2002 12:38 pm

In the real world, you could probably just request a DHCP lease. Almost every AP I've seen in my area has DHCP enabled. That would be an easy way..

Another way would just be to fire up a sniffer, and find an IP that's communicating. If it's a Windows network, shouldn't take long with all the SMB broadcasts and stuff.

I've associated myself with APs, using an IP not even close to the WLAN's IP block, and just watched the traffic go by, then, after seeing the traffic, you can probably make an educated guess as to what IP range they're using, and what ones would likely be unused.

Windows networking is very helpful too, watching the traffic can give you the IP block easily, just by waiting for a broadcast NetBIOS packet.. like, UDP: 192.168.1.100 -> 192.168.1.255, now you know 192.168.1.x is the range.. pick a high one, and you'll most likely not have a used IP.. to be safe, ARP the IP, if a machine responds, pick another one..
-nirosys
Sniffing Packets Like They Were Crack.
nirosys
 
Posts: 31
Joined: Sat Apr 13, 2002 7:08 am
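
Added example, not part of the original thread or any poster's code: the behaviours described in the post above (a lease handed to any station that asks, a station sending from an address outside the WLAN's block, an ARP check before a static address is taken) each leave a trace that an AP owner can alert on. The subnet, the MAC inventory and the event tuples are constructed assumptions standing in for a sensor on the wireless segment.

```python
import ipaddress

# Assumptions (not from the thread): the WLAN subnet and the known-client inventory.
WLAN_NET = ipaddress.ip_network("192.168.1.0/24")
KNOWN_MACS = {"00:02:2d:aa:bb:01", "00:02:2d:aa:bb:02"}

# Constructed sample events: (kind, station MAC, station IP, target IP)
EVENTS = [
    ("dhcp_ack",  "00:02:2d:aa:bb:01", "192.168.1.100", None),
    ("udp_bcast", "00:02:2d:aa:bb:01", "192.168.1.100", "192.168.1.255"),
    ("arp_req",   "00:40:96:cc:dd:09", "172.16.5.5",    "192.168.1.250"),
    ("dhcp_ack",  "00:40:96:cc:dd:10", "192.168.1.101", None),
    ("arp_req",   "00:02:2d:aa:bb:02", "192.168.1.102", "192.168.1.1"),
    ("udp_bcast", "00:40:96:cc:dd:09", "192.168.1.250", "192.168.1.255"),
]

def find_unexpected_clients(events, net=WLAN_NET, known=KNOWN_MACS):
    """Return (alert, mac, ip) tuples for stations the owner did not expect."""
    alerts = []
    probed = {}  # address ARP-probed by an unknown station -> that station's MAC
    for kind, mac, src, dst in events:
        unknown = mac not in known
        # A station talking from an address outside the WLAN's own block.
        if ipaddress.ip_address(src) not in net:
            alerts.append(("off_subnet_source", mac, src))
        # An open DHCP scope just leased an address to a MAC not in inventory.
        if kind == "dhcp_ack" and unknown:
            alerts.append(("lease_to_unknown_mac", mac, src))
        if kind == "arp_req" and unknown:
            probed[dst] = mac
        # The same unknown station now sends from the address it probed,
        # without any lease having been issued for it.
        elif unknown and probed.get(src) == mac:
            alerts.append(("static_ip_after_probe", mac, src))
    return alerts

if __name__ == "__main__":
    for alert in find_unexpected_clients(EVENTS):
        print(alert)
```

Restricting the DHCP scope to inventoried MACs removes the second alert's cause but not the other two, which is why all three conditions are checked separately.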

Post by QuienEs » Sun Apr 21, 2002 1:10 pm

Shadow sez: "This will only tell me what my IP address is for my card currently. I would need to change this IP to the one that I found while "wardriving" on the unsuspecting WAP.... That way I would have access to their resources i.e. Internet, drive shares, files, printers, etc..."

QE said something to the effect that "WINIPCFG works for me". The reason I said that is that yesterday, when going to a store near a bunch of offices, I suddenly had a 100% green signal as reported by Orinoco's signal strength display, but I couldn't check my email etc. So, I ran WINIPCFG and saw a bunch of 10... addresses. Try it. At that point I figured [maybe wrongly] that I was part of someone's LAN and got the scary idea that it might be a good way to catch a virus from them. So I shut down the laptop and went into the store.
I understand that I'm NOT telling you how to "have access to their resources" [which wasn't my intent anyway] but I truly believe I answered your question "how do I know if the WAP is on a 192.x.x.x network or a 10.x.x.x network?" Try it and advise. Cheers, QE
QuienEs
Mini Stumbler
 
Posts: 58
Joined: Thu Apr 18, 2002 6:42 pm
Location: New Jersey

Post by shadow » Sun Apr 21, 2002 2:31 pm

Thanks for the information nirosys and QuienEs... Will let you know how it all works out.

Shadow
Shadow
shadow
Mini Stumbler
 
Posts: 10
Joined: Sun Apr 14, 2002 10:31 am
Location: St. Pete - FL

I don't see IPs

Post by Davo » Sun Apr 21, 2002 5:45 pm

Oddly, I can use netstumbler and an Orinoco and see a non-WEP AP, and at the same time run AiroPeek on my Cisco card and see only MAC addresses. I very rarely see IPs. I also never seem to get a DHCP lease. Is either card available to get a DHCP address while NS and AiroPeek are running?

I'll try WINIPCFG tomorrow.
Davo
Davo
Mini Stumbler
 
Posts: 31
Joined: Sat Apr 13, 2002 1:38 pm
Location: West Palm Beach, FL

Orinoco and DHCP

Post by jeffrowe » Mon Apr 22, 2002 2:44 pm

When running an Orinoco under XP with Netstumbler I always auto-received DHCP addresses if the AP was handing them out...
-Jeffrowe
jeffrowe
Mini Stumbler
 
Posts: 142
Joined: Sat Apr 13, 2002 6:17 am
Location: Northern Suburbs, Chicago, IL

Post by chrisben » Mon Apr 22, 2002 8:22 pm

Me too. In fact the default behavior for Orinoco cards (as with any other new TCP/IP connection) is to 'Obtain an IP Address Automatically'. While driving around, I frequently have Windows associate to an AP and acquire a DHCP lease automatically (lots better than when I was using the NETGEAR (Prism2) card and had to manually release/renew to request a lease).
chrisben
Mini Stumbler
 
Posts: 8
Joined: Thu Apr 18, 2002 10:04 pm
