
Hunting For Devices With ARPS And Wireshark (By Tony Fortunato)

It always gives me a sense of satisfaction when I have a challenge and can leverage some knowledge to figure it out.

Today I was in the lab and was powering on two Cisco switches when I noticed that they weren’t labeled with their IP addresses.  I’m not sure why I did not label them, but now I have to pay for it.

For those of you who have not been in this situation before I will explain.  My switches have a DB9 serial connection and of course good luck finding a computer with a serial port. So now I have to rummage through the box of wires to find the serial to USB adapter.  I have had to buy a second one in 2 years since my original does not have a Windows 7 driver, but I digress. After I find the cable, I have to find the installation disk because last week I migrated to a new laptop….  I’m sure you get the picture.

On to plan B.  I know the switches have IP addresses since I hard code IP addresses on all of my switches. 

Now here’s where a bit of knowledge comes in. I know that when a device powers up and either obtains an IP address via DHCP/BOOTP or has an IP statically assigned, it will send out a specific ARP called a gratuitous ARP.

Perfect, now all I have to do is make sure the switch port is connected to my subnet, start any protocol analyzer (I chose Wireshark) and power up the switches.

In this video I show you how to find the gratuitous ARP quickly, create a display filter, and lastly, locate the 2 switches’ IP addresses.
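For readers without the video, here is the same hunt as an added Python example (not code from the original post): it parses raw Ethernet frames and reports every gratuitous ARP, identified by the sender IP equalling the target IP, which is a similar check to the one Wireshark exposes as the `arp.isgratuitous` display-filter field. The helper names, MAC addresses and IP addresses are constructed for illustration.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806

def parse_arp(frame: bytes):
    """Return ARP fields from an untagged Ethernet II frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet + IPv4 only
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"oper": oper, "sender_mac": sha.hex(":"),
            "sender_ip": socket.inet_ntoa(spa), "target_ip": socket.inet_ntoa(tpa)}

def gratuitous_announcements(frames):
    """Return (ip, mac) for each gratuitous ARP: sender IP == target IP."""
    found = []
    for frame in frames:
        arp = parse_arp(frame)
        if arp and arp["sender_ip"] == arp["target_ip"]:
            found.append((arp["sender_ip"], arp["sender_mac"]))
    return found

def build_arp(oper, sha, spa, tpa, tha=b"\x00" * 6):
    """Build a broadcast ARP frame; used only to construct the sample data."""
    eth = b"\xff" * 6 + sha + struct.pack("!H", ETHERTYPE_ARP)
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + hdr + sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)

# Constructed sample capture (addresses and MACs are made up).
PC, SW1, SW2 = (bytes.fromhex(m) for m in
                ("020000000050", "020000000001", "020000000002"))
SAMPLE_CAPTURE = [
    build_arp(1, PC, "192.168.1.50", "192.168.1.1"),    # ordinary who-has
    build_arp(1, SW1, "192.168.1.2", "192.168.1.2"),    # gratuitous (switch 1)
    b"\xff" * 6 + PC + b"\x08\x00" + b"\x00" * 46,      # IPv4 frame, not ARP
    build_arp(1, SW2, "0.0.0.0", "192.168.1.3"),        # ARP probe, not gratuitous
    build_arp(2, SW2, "192.168.1.3", "192.168.1.3", tha=b"\xff" * 6),  # gratuitous reply
]

if __name__ == "__main__":
    for ip, mac in gratuitous_announcements(SAMPLE_CAPTURE):
        print(f"{ip} announced by {mac}")
```

ARP carries no authentication, so each result is only what a device claims about itself; match the reported MAC against the switch's label or vendor prefix before relying on the address.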


