I have two Linux devices:

  • A: One has static IP (e.g. 10.255.253.5 and mask 255.255.255.0). I cannot know or change this IP.
  • B: The second has a direct access (Screen and keyboard)

I'd like to connect the two devices directly using an Ethernet cable. From what I understand, the two devices must be on the same subnet to connect to each other. The issue is I don't know which subnet it is.

I've tried to use arp -a but it only returns IPs on the same subnet (which means none with a direct connection).

How could I scan the whole network (devices are not connected to the Internet nor any other network) to find out the IP and the subnet to connect to?

Basically, I imagine something like that:

  • Scan all possible subnets to list active IPs
  • Switch the IP of the B device to match the found subnet
  • Connect to the found IP

How would this be possible to achieve?

EDIT: Following comments, here is what I've made. It works for some devices but not for others...

  1. Grab remote device IP:

    tcpdump -i eth0 -s 1500 -v -c 1 '(ether[12:2]=0x88cc)' | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' -o

  2. I got IP 10.255.253.5 which is correct.

  3. Change local IP to be in the same subnet (remote +1):

    ifconfig eth0 10.255.253.6 netmask 255.255.255.0

  4. Ping remote device to check it can be reached:

    ping 10.255.253.5

  5. Success!

1
  • If you connect this device to the router and in the router's login page look into the attached devices, what do you see about this device? Is the computer on Linux/Windows? If your arp supports specifying the netmask, you can perhaps specify 0.0.0.0 while leaving the device connected to the router.
    – harrymc
    Commented Apr 14, 2023 at 10:06

2 Answers

0

I've tried to use arp -a but it only returns IPs on the same subnet (which means none with a direct connection).

No, it doesn't mean that. Even a direct connection is still a "subnet" as far as IP cares (IP is not really aware of the differences in the first place, an Ethernet interface is an Ethernet interface) and it will still use ARP to resolve the opposite host's MAC address.

However, arp -a has never been a command that would show all IPs within the subnet. It shows the host's ARP lookup cache, which will only have entries for same-subnet hosts that you recently communicated with (which is none when you don't know what address to communicate with).

How could I scan the whole network (devices are not connected to the Internet nor any other network) to find out the IP and the subnet to connect to?

First, run a packet capture tool (such as Wireshark) to check whether the device happens to announce itself in some way or other, e.g. it might be trying to ping something or make a DNS query. As soon as it does that and you see an IP (or ARP) packet coming from the device, just note its source IP address.

Once you know the address, choose an adjacent address for your own computer, then make up any subnet mask that's wide enough to include both. (It's fine to just go with /24 or 255.255.255.0 at first.)

If there is nothing, configure the computer with the widest subnet mask available for that range (e.g. /8 or 255.0.0.0 for a 10.x.x.x address) and use any "IP scan" tool. (Preferably, run the scan in "ARP scan" mode if that's an option.) For example, Linux has the arp-scan command.


To clarify regarding subnet masks: While the subnet mask should match across all devices within a subnet, it isn't strictly required to match (although mismatching configuration can certainly lead to unwanted behavior). If you have an isolated Ethernet with no external connection, as long as each device uses a subnet mask that covers the others' IP addresses they will consider each other "local", and that's enough for them to communicate – even if their configuration doesn't entirely match.

(So if you know that the device is 10.255.253.6 but don't know its configured subnet mask, choosing an adjacent IP address such as 10.255.253.5 is a good bet to ensure the device will recognize your IP as local to its subnet.)

3
  • Thanks for your answer. I can see LLDP and PN-PTCP packets. How can I recover the source IP? I got a MAC address for the shost. Then, I understand what are the next steps
    – Manitoba
    Commented Apr 14, 2023 at 12:53
  • These are not IP-based protocols, although LLDP may be advertising the "Management IP address" as one of the attributes. If it doesn't advertise that TLV, scanning is your next option. Commented Apr 14, 2023 at 12:58
  • I've updated my question with my discoveries
    – Manitoba
    Commented Apr 14, 2023 at 13:51
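
The comments above point to the LLDP "Management Address" TLV as the place an IP may be advertised. As an added example (not code from the original posts), the Python below parses a raw LLDP frame for that TLV instead of grepping tcpdump's text output, then picks a neighbouring address for device B; the sample frame, its MAC address, the /24 default and the function names are constructed for illustration.

```python
import ipaddress
import struct

LLDP_ETHERTYPE = 0x88CC           # same value the tcpdump filter matches
TLV_END, TLV_MGMT_ADDR = 0, 8
AF_IPV4 = 1                       # IANA address family number for IPv4

def lldp_management_ipv4(frame: bytes):
    """Return the IPv4 management addresses advertised in one LLDP frame."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != LLDP_ETHERTYPE:
        return []
    found, pos = [], 14
    while pos + 2 <= len(frame):
        (header,) = struct.unpack("!H", frame[pos:pos + 2])
        tlv_type, tlv_len = header >> 9, header & 0x1FF   # 7-bit type, 9-bit length
        value = frame[pos + 2:pos + 2 + tlv_len]
        pos += 2 + tlv_len
        if tlv_type == TLV_END or len(value) < tlv_len:   # end marker or truncated capture
            break
        if tlv_type == TLV_MGMT_ADDR and tlv_len >= 2:
            addr_len, family = value[0], value[1]         # addr_len counts the family byte
            addr = value[2:1 + addr_len]
            if family == AF_IPV4 and len(addr) == 4:
                found.append(ipaddress.IPv4Address(addr))
    return found

def adjacent_host(remote, prefix=24):
    """Pick a neighbouring address for device B inside remote's /prefix (prefix is a guess)."""
    net = ipaddress.ip_interface(f"{remote}/{prefix}").network   # address AND mask
    lo, hi = int(net.network_address), int(net.broadcast_address)
    for candidate in (int(remote) + 1, int(remote) - 1):
        if lo < candidate < hi:                           # skip network/broadcast addresses
            return ipaddress.ip_interface(f"{ipaddress.IPv4Address(candidate)}/{prefix}")
    raise ValueError("no usable neighbour in this prefix")

def tlv(tlv_type, value):         # builds one TLV for the constructed sample below
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

# Constructed sample frame: LLDP multicast dst, made-up source MAC, four TLVs + End.
SAMPLE = (bytes.fromhex("0180c200000e" "020000000001" "88cc")
          + tlv(1, b"\x04" + bytes.fromhex("020000000001"))    # Chassis ID (MAC)
          + tlv(2, b"\x05" + b"eth0")                           # Port ID (interface name)
          + tlv(3, struct.pack("!H", 120))                      # TTL in seconds
          + tlv(8, b"\x05\x01" + bytes([10, 255, 253, 5])       # Management Address
                   + b"\x02" + struct.pack("!I", 1) + b"\x00")  # ifIndex 1, no OID
          + tlv(0, b""))

if __name__ == "__main__":
    for ip in lldp_management_ipv4(SAMPLE):
        print(ip, "->", adjacent_host(ip))
```

If the device does not send the Management Address TLV, the function returns an empty list and scanning remains the fallback, as the comment says.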
0

If you already know the ip-address and the netmask you also know the subnet.
They are directly related.

The subnet is nothing more than the logical AND of ip-address and mask when written out as 4-byte binary numbers. In this case 10.255.253.0.
(Mask has all 1's for the first 3 bytes and all zero for the last byte.

Meaning the first 3 parts of the subnet are the same as in the ip-address and the 4th byte is set to zero by the AND.)

So for the other computer just pick an arbitrary ip-address in the same subnet (e.g. 10.255.253.6) and you are good to go.

For default gateway (if your system demands a value to be filled in) use your own ip-address. (It isn't needed for a direct connection anyway so it doesn't matter if it is a real gateway or not.)

2
  • You misunderstood. I don't know the IP address at all. I'd like to scan the whole local network (i.e. 0.0.0.0) to discover the IP address of the connected device.
    – Manitoba
    Commented Apr 14, 2023 at 14:23
  • Aha I missed the KNOW in "I cannot KNOW or change"....
    – Tonny
    Commented Apr 14, 2023 at 14:59
