Get the following:<\/p>\n
IP address of host
\nIP address of gateway (usually router or firewall)
\nget subnet mask on host
\nGet network CIDR (can be calculated)<\/p>\n
For example, assume we have the following output of ifconfig…<\/p>\n
\r\n[root@CMHLDORLGRD01 ~]# ifconfig eth0\r\neth0 Link encap:Ethernet HWaddr 00:50:56:A9:62:EB\r\n inet addr:172.26.24.25 Bcast:172.26.24.31 Mask:255.255.255.224\r\n UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\r\n RX packets:24106580889 errors:0 dropped:0 overruns:0 frame:0\r\n TX packets:22645258582 errors:0 dropped:0 overruns:0 carrier:0\r\n collisions:0 txqueuelen:1000\r\n RX bytes:34430908645826 (31.3 TiB) TX bytes:6436143231290 (5.8 TiB)\r\n\r\n<\/pre>\n\r\n[root@CMHLDORLGRD01 ~]# route\r\nKernel IP routing table\r\nDestination Gateway Genmask Flags Metric Ref Use Iface\r\n172.26.24.0 * 255.255.255.224 U 0 0 0 eth0\r\n169.254.0.0 * 255.255.0.0 U 0 0 0 eth0\r\ndefault 172.26.24.1 0.0.0.0 UG 0 0 0 eth0\r\n[root@CMHLDORLGRD01 ~]# route -n\r\nKernel IP routing table\r\nDestination Gateway Genmask Flags Metric Ref Use Iface\r\n172.26.24.0 0.0.0.0 255.255.255.224 U 0 0 0 eth0\r\n169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0\r\n0.0.0.0 172.26.24.1 0.0.0.0 UG 0 0 0 eth0\r\n<\/pre>\n\r\n[root@CMHLDORLGRD01 ~]# ping 172.26.24.1\r\nPING 172.26.24.1 (172.26.24.1) 56(84) bytes of data.\r\n64 bytes from 172.26.24.1: icmp_seq=1 ttl=64 time=0.173 ms\r\n64 bytes from 172.26.24.1: icmp_seq=2 ttl=64 time=0.190 ms\r\n\r\n--- 172.26.24.1 ping statistics ---\r\n2 packets transmitted, 2 received, 0% packet loss, time 1000ms\r\nrtt min\/avg\/max\/mdev = 0.173\/0.181\/0.190\/0.015 ms\r\n[root@CMHLDORLGRD01 ~]#\r\n<\/pre>\nSo we have the following:<\/p>\n
IP address of host – 172.26.24.25
\nIP address of gateway (usually router or firewall) – 172.26.24.1
\nget subnet mask on host – 255.255.255.224
\nGet network CIDR (can be calculated) – 224 = 11100000 in binary, so this is a \/27 network (25,26, and 27 bits set)<\/p>\nSince 32 is the last bit (set 25 = 128, 26 = 64, and 27 = 32), our network can hold 30 hosts (one address for the network and one for the broadcast address). Our network ranges are 0 – 31, 32 – 63, 64 – 95, etc.<\/p>\n
Since 25 is in range of 0 – 31, our gateway is also in this range, and our broadcast is in this range, we should be able to connect to the gateway and be routed (if necessary) to other subnets.<\/p>\n
For another example, assume we have the following…<\/p>\n
\r\nEthernet adapter Local Area Connection:\r\n\r\n Connection-specific DNS Suffix . : foobar.com\r\n Link-local IPv6 Address . . . . . : fe80::f453:9c28:392a:da0%12\r\n IPv4 Address. . . . . . . . . . . : 172.26.248.154\r\n Subnet Mask . . . . . . . . . . . : 255.255.255.128\r\n Default Gateway . . . . . . . . . : 172.26.248.129\r\n\r\nWireless LAN adapter Wireless Network Connection:\r\n\r\n Connection-specific DNS Suffix . : foobar.com\r\n Link-local IPv6 Address . . . . . : fe80::84ba:68eb:f0da:c37e%11\r\n IPv4 Address. . . . . . . . . . . : 172.26.248.209\r\n Subnet Mask . . . . . . . . . . . : 255.255.255.128\r\n Default Gateway . . . . . . . . . : 172.26.248.129\r\n\r\n<\/pre>\nSince these are each on the same subnet, we can use the same calculation for each.<\/p>\n
First of all, we can assume the subnet can have 126 hosts, since the last bit set in the subnet mask is 128 in the last octet.<\/p>\n
11111111 11111111 11111111 10000000<\/p>\n
Since our gateway is 172.26.248.129, we can also assume it is the start of the network. As such, our IP range is 172.26.248.129 – 172.26.248.255<\/p>\n
Incidentally, you can also reverse engineer the broadcast address from the subnet mask and the IP address. Given the data above, see below:<\/p>\n
255.255.255.224 is what is below in binary…<\/p>\n
11111111 11111111 11111111 10000000<\/p>\n
…so we take the opposite of that…<\/p>\n
00000000 00000000 00000000 01111111<\/p>\n
…and then convert our IP address to binary…<\/p>\n
172.26.24.25<\/p>\n
10101100 00011010 00011000 00011001<\/p>\n
…and logically OR it with the inverted subnet mask we calculated above.<\/p>\n
10101100 00011010 00011000 00011111<\/p>\n
172.26.24.31<\/p>\n
Notice our answer, as converted from binary, matches the output of ifconfig near the beginning of this post.<\/p>\n
Notice also that we can get the MAC address, and other interesting traffic, with the -e switch to tcpdump<\/p>\n
\r\n[root@CMHLDORLGRD01 ~]# tcpdump -e -i eth0 not port 22\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes\r\n13:22:46.309521 00:1c:73:00:00:99 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: arp reply 172.26.24.1 is-at 00:1c:73:00:00:99 (oui Unknown)\r\n13:22:46.309849 00:50:56:a9:62:eb (oui Unknown) > 00:1c:73:00:00:99 (oui Unknown), ethertype IPv4 (0x0800), length 84: CMHLDORLGRD01.expdev.local.47915 > cmhwdaddc01.expdev.local.domain: 44114+ PTR? 1.24.26.172.in-addr.arpa. (42)\r\n13:22:46.310183 00:1c:73:b5:f1:41 (oui Unknown) > 00:50:56:a9:62:eb (oui Unknown), ethertype IPv4 (0x0800), length 177: cmhwdaddc01.expdev.local.domain > CMHLDORLGRD01.expdev.local.47915: 44114 NXDomain* 0\/1\/0 (135)\r\n13:22:46.310285 00:50:56:a9:62:eb (oui Unknown) > 00:1c:73:00:00:99 (oui Unknown), ethertype IPv4 (0x0800), length 84: CMHLDORLGRD01.expdev.local.37679 > cmhwdaddc01.expdev.local.domain: 24549+ PTR? 69.1.24.172.in-addr.arpa. (42)\r\n13:22:46.310453 00:1c:73:b5:f8:01 (oui Unknown) > 00:50:56:a9:62:eb (oui Unknown), ethertype IPv4 (0x0800), length 122: cmhwdaddc01.expdev.local.domain > CMHLDORLGRD01.expdev.local.37679: 24549* 1\/0\/0 PTR[|domain]\r\n13:23:01.054149 00:1c:73:00:00:99 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: arp reply 172.26.24.1 is-at 00:1c:73:00:00:99 (oui Unknown)\r\n13:23:16.308558 00:1c:73:00:00:99 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: arp reply 172.26.24.1 is-at 00:1c:73:00:00:99 (oui Unknown)\r\n13:23:31.053367 00:1c:73:00:00:99 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: arp reply 172.26.24.1 is-at 00:1c:73:00:00:99 (oui Unknown)\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"Get the following: IP address of host IP address of gateway (usually router or firewall) get subnet mask on host Get network CIDR (can be calculated) For example, assume we have the following output of ifconfig… [root@CMHLDORLGRD01 ~]# ifconfig eth0…<\/p>\n