Run tcpdump, and watch for valid traffic... It should give you the valid range of IPs pretty quickly. Watch for broadcast traffic in order to determine the network size (and therefore the appropriate netmask to use).
-Dave

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf
> Of Bert Van Kets
> Sent: Thursday, November 12, 2009 4:32 AM
> To: PaulDotCom Security Weekly Mailing List
> Subject: [Pauldotcom] AP without DHCP
>
> Hi guys,
>
> I was wondering what methods or commands can be used to get past the
> following situation:
> You access a WiFi AP with WEP encryption, you get the key and can
> connect but do not get an IP address. I assume this is due to the use of
> fixed IPs only (no DHCP). How do you get past this? How do you get info
> in the IP range? Do I need to Nmap scan every possible internal IP range???
> What if no clients are connected and MAC address filtering is switched
> on on top of the lack of DHCP? I luckily do have a client MAC address,
> but if I didn't have this it would be an extra hurdle.
> My knowledge and experience have encountered a concrete wall. How do I
> climb it?
>
> Thanks for any help.
>
> Bert
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
