[gentoo-user] Find IP of proxy

[gentoo-user] Find IP of proxy

[Mick]

Hi All,

At work there's a rather restrictive gateway in place for connecting
LAN desktops to the Internet.  How would you go about finding its IP
address?

Assume that I am booting with Knoppix for this purpose.
--
Regards,
Mick

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[Ryan Tandy]

Mick wrote:
> Hi All,
>
> At work there's a rather restrictive gateway in place for connecting
> LAN desktops to the Internet.  How would you go about finding its IP
> address?
>
> Assume that I am booting with Knoppix for this purpose.
> --
> Regards,
> Mick
>
>   
Assuming DHCP works and you can access the Internet, simply type "route" 
at a console and look for the Default Gateway.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[JimD]

On Wed, April 5, 2006 6:10 pm, Mick wrote:
> Hi All,
>
>
> At work there's a rather restrictive gateway in place for connecting
> LAN desktops to the Internet.  How would you go about finding its IP
> address?
>
> Assume that I am booting with Knoppix for this purpose.
> --
> Regards,
> Mick

Is there another computer on the LAN already connected?  If so, from a
command prompt in XP:

ipconfig /all

>From Linux:

route

and look for the default route.

Is the network setup for DHCP?  If so, just let knoppix grab an IP via
DHCP and then just run route and look for the entry marked default.

If none of the above apply, then you can ask some one : )

Jim
-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
I'm a geek, but I don't get it. 36-24-36 = -24. What's the significance?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Florida, USA, Earth, Solar System, Milky Way

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[darren kirby]

[-- Attachment #1: Type: text/plain, Size: 614 bytes --]

quoth the Mick:
> Hi All,
>
> At work there's a rather restrictive gateway in place for connecting
> LAN desktops to the Internet.  How would you go about finding its IP
> address?
>
> Assume that I am booting with Knoppix for this purpose.
> --
> Regards,
> Mick

Point a browser to http://checkip.dyndns.org/

or run:

lynx -dump http://checkip.dyndns.org/ | awk '/Current/ {print $4}'

-d
-- 
darren kirby :: Part of the problem since 1976 :: http://badcomputer.org
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972

[-- Attachment #2: Type: application/pgp-signature, Size: 191 bytes --]

Re: [gentoo-user] Find IP of proxy

[evader]

Hi,

netstat -rn

Your default gateway is likely to be the proxy.

Regards,

evader.
On Thu, 06 Apr 2006 15:11:01 +1000, darren kirby  
<bulliver@badcomputer.org> wrote:

> quoth the Mick:
>> Hi All,
>>
>> At work there's a rather restrictive gateway in place for connecting
>> LAN desktops to the Internet.  How would you go about finding its IP
>> address?
>>
>> Assume that I am booting with Knoppix for this purpose.
>> --
>> Regards,
>> Mick
>
> Point a browser to http://checkip.dyndns.org/
>
> or run:
>
> lynx -dump http://checkip.dyndns.org/ | awk '/Current/ {print $4}'
>
> -d


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[Mick]

On 06/04/06, evader <evader.aether@gmail.com> wrote:
> Hi,
>
> netstat -rn
>
> Your default gateway is likely to be the proxy.

Sorry guys, I should have explained better:

These WinXP desktops have been locked down beyond belief!  Most
commands have been removed from \\WINDOWS\sys32.  What's left is
totally restricted for plain users (which is what I am on this
network).  Running ipconfig /all, or netstat requires a command prompt
which is not available on these machines (I know that because I used
BartsPE and Knoppix to 'look around').  They are just locked down thin
clients with M$Office on them.

Running any network commands on Linux does not show the proxy address
- I wouldn't expect it to since I don't know what it is to export it
in the system env.  The default gateway which is shown is not the
Internet proxy (already checked that).  I assume that the default
gateway is the router for all the desktops on that floor.  The
printers are on a different router.

Pointing a browser to checkip returns the external (as in Internet) IP
address, not the internal (as in LAN) IP address which is what I am
after.  To be exact, it doesn't return anything.  The proxy blacklist
blocks the address along with many more 'network diagnostic' IP
addresses.  But I was able to find out anyway by visiting my server
and checking the logs.

It's really so frustrating.  Anything else I may be able to try? 
Would something like ntop do the trick or will it just pick up all the
other hundreds of routers and switches in the corporate LAN?  (I can't
remember if Knoppix has ntop).

Thanks for all the replies, please keep them coming.
--
Regards,
Mick

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[John Jolet]

On Apr 6, 2006, at 4:36 PM, Mick wrote:

> On 06/04/06, evader <evader.aether@gmail.com> wrote:
>> Hi,
>>
>> netstat -rn
>>
>> Your default gateway is likely to be the proxy.
>
> Sorry guys, I should have explained better:
>
> These WinXP desktops have been locked down beyond belief!  Most
> commands have been removed from \\WINDOWS\sys32.  What's left is
> totally restricted for plain users (which is what I am on this
> network).  Running ipconfig /all, or netstat requires a command prompt
> which is not available on these machines (I know that because I used
> BartsPE and Knoppix to 'look around').  They are just locked down thin
> clients with M$Office on them.
>
> Running any network commands on Linux does not show the proxy address
> - I wouldn't expect it to since I don't know what it is to export it
> in the system env.  The default gateway which is shown is not the
> Internet proxy (already checked that).  I assume that the default
> gateway is the router for all the desktops on that floor.  The
> printers are on a different router.
>
> Pointing a browser to checkip returns the external (as in Internet) IP
> address, not the internal (as in LAN) IP address which is what I am
> after.  To be exact, it doesn't return anything.  The proxy blacklist
> blocks the address along with many more 'network diagnostic' IP
> addresses.  But I was able to find out anyway by visiting my server
> and checking the logs.
>
> It's really so frustrating.  Anything else I may be able to try?
> Would something like ntop do the trick or will it just pick up all the
> other hundreds of routers and switches in the corporate LAN?  (I can't
> remember if Knoppix has ntop).

they locked the desktops down, but still let you boot from a cd?  how  
moronic.
you're probably dealing with a transparent proxy.  the default router  
you see probably has a rule that says "all traffic for port 80 or 443  
from this subnet, redirect over here".  your box would never see that  
router, because by definitions, routes are one-hop only.  a  
traceroute might find it, but unless they gave it an ip that resolves  
locally to "transparent proxy" or something, how would you know?   
that's kinda the whole point of transparent proxies.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[Mick]

On 06/04/06, John Jolet <john@jolet.net> wrote:
>
> they locked the desktops down, but still let you boot from a cd?  how
> moronic.

He, he, they didn't lock the BIOS.  ;-)

> you're probably dealing with a transparent proxy.  the default router
> you see probably has a rule that says "all traffic for port 80 or 443
> from this subnet, redirect over here".  your box would never see that
> router, because by definitions, routes are one-hop only.  a
> traceroute might find it, but unless they gave it an ip that resolves
> locally to "transparent proxy" or something, how would you know?
> that's kinda the whole point of transparent proxies.

Is there perhaps a wildcard traceroute I could do?
--
Regards,
Mick

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[John Jolet]

On Apr 6, 2006, at 4:58 PM, Mick wrote:

> On 06/04/06, John Jolet <john@jolet.net> wrote:
>>
>> they locked the desktops down, but still let you boot from a cd?  how
>> moronic.
>
> He, he, they didn't lock the BIOS.  ;-)
>
>> you're probably dealing with a transparent proxy.  the default router
>> you see probably has a rule that says "all traffic for port 80 or 443
>> from this subnet, redirect over here".  your box would never see that
>> router, because by definitions, routes are one-hop only.  a
>> traceroute might find it, but unless they gave it an ip that resolves
>> locally to "transparent proxy" or something, how would you know?
>> that's kinda the whole point of transparent proxies.
>
> Is there perhaps a wildcard traceroute I could do?

what i'm saying is, you could traceroute to say yahoo, but which of  
the hops is the proxy? you have no way of knowing, except it's  
probaby the next hop after your default router.  but even knowing  
that won't help you avoid it....unless your network guys are  
completely clueless...that segment should have one and only one way  
out, that leads to the router that forwards to the proxy

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[Arturo 'Buanzo' Busleiman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The proxy may be on a bridged box, thus, "invisible".
SOmetimes the presence of a proxy can be detected by the Via: header on the http protocol, and by
some "IP show-ers" like showmyip.com (if my memory is not failing again).

- --
Arturo "Buanzo" Busleiman -
Consultor en Seguridad Informatica - http://www.buanzo.com.ar
My Linux and Security Blog at http://linux-consulting.buanzo.com.ar/

Romper un sistema de seguridad los acerca tanto a ser hackers como
encender autos puenteando los convierte en ingenieros automotrices.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFENZWAAlpOsGhXcE0RAiS2AJ4wTLrTm8RHLWHM4HVbcSkBPh6FigCeIRZc
4BriGOpTGYrAE/DbSKWsvd8=
=OVMs
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[Mike Owen]

On 4/5/06, Mick <michaelkintzios@gmail.com> wrote:
> Hi All,
>
> At work there's a rather restrictive gateway in place for connecting
> LAN desktops to the Internet.  How would you go about finding its IP
> address?
>
> Assume that I am booting with Knoppix for this purpose.
> --
> Regards,
> Mick
>

I'm curious as to why you need the proxy info in the first place. It
sounds like you can connect out just fine, so why bother with
configuring a proxy?

If you are allowed to send icmp and udp traffic out of the network, a
traceroute should show you what hops are on your network. If routing
forces all traffic through this proxy, it'll probably be one of these
hops.

Or, they could be doing policy routing where only tcp port 80/443
traffic goes through the proxy, and all other traffic goes out some
other route. In that case, you'll need to use a tcp traceroute program
configured to probe on port 80, so it is forced through the proxy.

Anyways, it sounds like that company has a few issues with their
security policy if it's so easily circumvented.

Mike

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[Mick]

On 06/04/06, Mike Owen <kyphros@gmail.com> wrote:

> I'm curious as to why you need the proxy info in the first place. It
> sounds like you can connect out just fine, so why bother with
> configuring a proxy?

No I can't connect to the Internet.  Also I believe that icmp traffic
is blocked.  No pings are returned.

>
> If you are allowed to send icmp and udp traffic out of the network, a
> traceroute should show you what hops are on your network. If routing
> forces all traffic through this proxy, it'll probably be one of these
> hops.
>
> Or, they could be doing policy routing where only tcp port 80/443
> traffic goes through the proxy, and all other traffic goes out some
> other route. In that case, you'll need to use a tcp traceroute program
> configured to probe on port 80, so it is forced through the proxy.

How do I do that?

--
Regards,
Mick

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[Mike Owen]

On 4/6/06, Mick <michaelkintzios@gmail.com> wrote:
> On 06/04/06, Mike Owen <kyphros@gmail.com> wrote:
>
> > I'm curious as to why you need the proxy info in the first place. It
> > sounds like you can connect out just fine, so why bother with
> > configuring a proxy?
>
> No I can't connect to the Internet.  Also I believe that icmp traffic
> is blocked.  No pings are returned.
>

On the Windows side, do you have to authenticate to the proxy, or does
it just connect through it?


> >
> > If you are allowed to send icmp and udp traffic out of the network, a
> > traceroute should show you what hops are on your network. If routing
> > forces all traffic through this proxy, it'll probably be one of these
> > hops.
> >
> > Or, they could be doing policy routing where only tcp port 80/443
> > traffic goes through the proxy, and all other traffic goes out some
> > other route. In that case, you'll need to use a tcp traceroute program
> > configured to probe on port 80, so it is forced through the proxy.
>
> How do I do that?
>

emerge -vp tcptraceroute
 :P

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Find IP of proxy

[Mick]

On 06/04/06, Mike Owen <kyphros@gmail.com> wrote:

>
> On the Windows side, do you have to authenticate to the proxy, or does
> it just connect through it?

Just connects throught it.  M$IE is configured to connect tot the
Interner through the proxy.
--
Regards,
Mick

-- 
gentoo-user@gentoo.org mailing list