Re: [gentoo-user] [OT] Interrogate network for devices

[Mick <michaelkintzios@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 5805 bytes --]

On Sunday 10 February 2008, reader@newsguy.com wrote:
> Sorry for the OT, but unable to raise anyone at comcast right now.
>
> I think I recall having read somewhere that one can do something to
> discover what devices are on a network (Home lan). And what there
> addresses are.

You are looking for route and arp commands.  However, if you are not part of a 
network all you might see is your PC's loopback entry - the arp and routing 
tables will be empty.

> I've recently switched from DSL to Cable connection but still have
> both working currently.
>
> I had assumed my netgear-firewall/router would find the Cable modem and
> be able to talk to it, but that isn't happening.

This could be for a number of reasons.  Is the cable modem a pure modem, or is 
it also a router?  Is authentication to the ISP's network configured at the 
PC, or is it configured at the modem?

If the authentication is configured at the PC/client end rather than the 
modem, then you are probably not using the correct encapsulation for the 
cable network and, or have not cloned/spoofed the MAC address of the 
nominated client (your PC).  I guess that your ADSL will be using PPP over 
ATM (PPPoA), if it's anything like what we have in most of the UK, while your 
cable is most likely using PPP over Ethernet (PPPoE).  In any case, you will 
need to change the respective settings in your Netgear router.  BTW, which 
router is it?  If it is one of the DG834 domestic models, these have both 
(ADSL) modem and router combined into one unit.  Again, depending on whether 
your cable modem acts as a bridge or as a client on the Comcast network you 
may or may not need to set up authentication on the router side (in the 
Netgear modem configuration).

> I can connect the cable modem direct to a pc and using the software
> that comes with it establish a connection to the internet, but I
> wanted to have that firewall/router in between the cable modem and home
> pcs.
>
> But that is only on a windows machine.

That should not stop you finding out what IP address the PC uses to connect to 
the modem and if needed what the MAC address of the PC's NIC is that Comcast 
has registered as a legitimate client.  Go to My Connections and select the 
NIC being used to connect to the modem and then click on Status/Support and 
note what the IP Address:  shows.  If this a private reserved LAN IP address 
then check what the Default Gateway: IP address is.  Use that in a browser, 
or telnet console to connect to your modem.  If however this is an Internet 
address then this won't be good for connecting to modem, which is now acting 
as a bridge to the ISP's network - the IP address is served by your ISP's 
dhcp server.  Another way to find out what IP addresses are being seen by the 
PC is to go to Run and enter ipconfig /all.  Note the IP Address: and Default 
Gateway: as above.  Also note the MAC address (this is called Physical 
Address).  In summary, enter the MAC address into your Netgear router and try 
to connect without authentication, in the hope that the cable modem deals 
with that.  If this does not work, then also enter the username/passwd and 
select PPPoE for encapsulation.  In both cases select dhcp as opposed to 
static IP on the router.

> The help file that comes with the modem provides no information about
> how one talks to the modem.  No ethernet address is supplied.  However
> it is an ethernet device and connects to the pc with ethernet cable.
>
> Apparently comcast felt it wiser to provide no details and let its
> software do the connecting.

This is because the vast majority of users out there will never want or be 
able to connect to the modem.  The few who connect could well mess it up and 
raise fault tickets unnecessarily.  So Comcast are trying to reduce user 
generated errors proactively.

> But can't I learn the IP address (inward facing) of the modem?  The IP
> from outside is of course visible to ipconfig, when connecting to
> internet from a windows machine thru the cable modem, but I see
> nothing that indicates what its lanside ethernet address is.
>
> Its obviously connecting to the pc with dhcp so setting the netgear to
> listen for dhcp seemed like it should work... but doesn't.

See above regarding the MAC cloning and authentication encapsulation.

> I thought I would be able to connect to the cable modem with a browser
> and maybe learn enough to make the netgear router/firewall connect to
> it, or one of my gentoo boxes, so have tried a few of the
> semi-standard addresses  other ethernet hubs/routers etc default to, like
> 192.168.0.1, 192.168.1.1 and a few more.

Have you also tried: 

192.168.1.254 and .255
10.10.10.1 and 10.1.10.1

BTW, before you try to connect to any of the above first change your Gentoo's 
IP address statically, by running as root:

ifconfig 192.168.0.2

The exact number is not important as long as it is in the same subdomain (e.g. 
192.168.0.0) and it does not conflict with the expected LAN IP address of the 
router.

A quick way to see who's on the particular subdomain is to run nmap:
===========================================
$ nmap -sP 192.168.0.0/24

Starting Nmap 4.50 ( http://insecure.org ) at 2008-02-10 12:53 GMT
Host 192.168.0.1 appears to be up.
Host 192.168.0.6 appears to be up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 14.301 seconds
===========================================

In this example I have scanned all addresses within the subdomain 192.168.0.0 
after I set statically my PC's IP address to 192.168.0.6.  As you can see 
from the results above, by process of elimination 192.168.0.1 is the address 
of the router.

HTH.
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]