Getting IP address of a direct-connected computer

A broadcast IP ping might work – not all systems answer to it, but some do when in 169.254 mode. Try ping 169.254.255.255 (needs -b on Linux), or ping ff02::1 (needs ping6 on Linux and possibly a scope such as ff02::1%eth0).

Directly sending a NetBIOS name lookup (using nbtstat -a) might work, if it runs Windows and if you know the computer name. I don't know a LLMNR equivalent.

The 169.254 autoconfiguration involves sending some ARP probes with the host's own address – you can see those in Wireshark, tshark, tcpdump.

"Ethernet ping" exists, but only works at Ethernet level, it won't tell you anything about IP. (It's sometimes implemented in the NIC itself, but mostly not implemented at all.)

"Reverse ARP" also exists, but almost never actually implemented either – its primary use was superseded by BOOTP and later DHCP.


At the moment you connect both computers together, they will try to find a DHCP server. After some seconds the request will timeout and the computer will asign a auto-configurated address to itself. The host will then randomly assign itself a link-local ip-address and broadcasts an arp request over the network to see if its in use

The above is a rewritten summary of https://en.wikipedia.org/wiki/Link-local_address

We can use <any> packet capturing tool to capture those packets and print the ip-addresses of those ARP requests.

Capturing arp packets using wireshark GUI (all platforms)

  1. Capture on all interfaces: yes (alternatively, select the correct interface if you understand it)
  2. Capture filter: arp
  3. Start the capture and look for at the right column for the ip addresses of YOUR pc and the OTHER pc

Capturing arp packets using cli tcpdump (Tested on Linux)

  1. Start/login to a terminal interface
  2. Run the program "sudo tcpdump arp"
  3. Ip addresses of YOUR pc and the OTHER pc will show on the screen

If you configure your machine to get an IP Address from a DHCP server, then obviously, there has to be a DHCP server in the network. Given that you use a direct cable (cross) to connect both computers to eachother, there is no DHCP server, so windows creates a fake random IP address. For this reason, it takes a long time to find each other, because there's no server that manages the connection for you.

The best method would be to add a router with DHCP in the mix, as it will speed up things significantly. But if you don't want to spend any money on this, your second best option is to manaully configure the IP Addresses on both machines to 192.168.0.1 and 192.168.0.2 with a subnetmask of 255.255.255.0

Tags:

Windows

Ethernet

Wired Networking

Recent Posts