Discover The Unknown IP Address using Wireshark

Did you purchase a second-hand IP device didn’t know what the IP address was? How can you easily discover the IP address to reconfigure your device? Is a hard reset your only, and last resort? What if you don’t have the default factory reset? I will help you answer all of these questions in this short blog post.                           

Two weeks ago, I purchased a second hand IBM System Storage D3300 for my new lab. It had a great price tag of AUD350 from eBay. The challenge I faced when I picked it up was that the seller didn’t know anything about it, except that it worked.

A search around the Internet for the default IPs of the D3300 didn’t help at all; and it seems the previous owner kept his IP configuration on the two controllers.

The only information I know about the D3300 IPs is the MAC addresses of each NIC; they are written next to each network port. So, I had a simple solution, and I will describe it here.

Connecting to the switch:

To minimize my workload and effort, I connected my laptop and the D3300 to a small switch. With the switch, I have minimised the traffic and packets I have to search and analyse in the next step.

Installing a Wireshark: 

Next, I downloaded and installed Wireshark on my Mac laptop. I started capturing all the packets and searching through them for an ARP package. To speed up the process, disconnect the D3300 from the switch port, then reconnect it when you start the Wireshark packet captures.

On packet 19, I saw the ARP I was looking for; the confirmation was the presence of the last three MAC address digits I previously acquired from NICS on the back of the D3300. Straight away I noticed something interesting; the D3300 is IBM, but the packet source was generated by a Netapp storage. IBM has outsourced the controller; but anyway, let’s keep going.

To validate what I had found, I expanded the Address Resolution and checked the MAC and the configured IP:

As you can see, the MAC address and the configured IP address are presented. Now I know the IP address of the management controller NIC, associated with the NIC MAC address I have already acquired from the back of the card, and the packet capture; that means this is the right IP address, the one I am looking for.

Next Step:

Now I need only to configure my laptop IP address to be part of the same subnet as the D3300 and connect to the newly acquired IP address. Next, I reconfigure the storage to the settings I want it to have to join my lab.

Conclusion:

As you can see, the process to discover the unknown IP address is very simple and won’t cost you anything. The Wireshark app download is a free network protocol analyzer, and is easy to use. The process can take as little as five minutes if you are familiar with Wireshark, or any other network analyzer. The outcome is worth it, especially when you are keen to use your new D3300 storage device.

Leave a Reply