Need some advice on learning networking

**tsbservice** · 11-27-2020, 05:52 PM

Re: Need some advice on learning networking

Originally posted by BillyCarpenter

Duh. Now I'm feeling really dumb. lol

Billy you're definitely NOT dumb, it's impossible for anyone to know everything

**n25an** · 11-27-2020, 06:10 PM

Re: Need some advice on learning networking

Originally posted by BillyCarpenter

Here's a question for the IT experts on here:

Lets say I suspect that a virus (or something else) is assigning rouge IP address and I want to find out if there's a duplicate IP address. What's the best way to see if there's a duplicate IP address. I know one way is to use a scan tool. I used NetScan Tools Pro and ran an ARP request for the copier IP address. It sent out an ARP request and showed every MAC addresses that's on that IP address. So that's one way. But that's an invasive method and I would need to get permission to run something like that on a customer's network.

Are there any less invasive ways to do this?

yep I thought of the unplug copier thing too... but I got the feeling he was going deeper...
I did a quick search on virus that redirect ip addresseses that led me to dns hijacking as a search term which led me to
DNS hijacks: what to look for - Malwarebytes Labs | Malwarebytes Labs
that article gives an excellent explanation of how it can be accomplished by the virus editing your hostfile and editing your dns entries on your nic... and it goes into other methods as well.. such as router attacks and forced govt internet censorship...

related search terms
dns cache poisoning
dns cache spoofing

at that point you are getting into
white hack ethical hacking and penetration testing...
if you are interested in that stuff... then grab a free copy of kali and install it on a thumb drive you are not using and boot into it from time to time and familiarize yourself... but I warn you that is a field all by itself... so you could be there for a long time...

**BillyCarpenter** · 11-27-2020, 06:14 PM

Re: Need some advice on learning networking

Originally posted by n25an

yep I thought of the unplug copier thing too... but I got the feeling he was going deeper...
I did a quick search on virus that redirect ip addresseses that led me to dns hijacking as a search term which led me to
DNS hijacks: what to look for - Malwarebytes Labs | Malwarebytes Labs
that article gives an excellent explanation of how it can be accomplished by the virus editing your hostfile and editing your dns entries on your nic... and it goes into other methods as well.. such as router attacks and forced govt internet censorship...

related search terms
dns cache poisoning
dns cache spoofing

at that point you are getting into
white hack ethical hacking and penetration testing...
if you are interested in that stuff... then grab a free copy of kali and install it on a thumb drive you are not using and boot into it from time to time and familiarize yourself... but I warn you that is a field all by itself... so you could be there for a long time...

I was going deeper than that, I just used a bad example. Let me try again.

Lets say some rouge agent is handing out duplicate addresses. I want to find all devices on the same IP address and I want to find the source that's handing out the rouge IP addresses. What's the best way to do that?

**KenB** · 11-27-2020, 06:16 PM

Re: Need some advice on learning networking

Originally posted by bsm2

Unplug the copier and if you get a ping Bingo

Always a good idea to run "ipconfig /flushdns" first, before pinging the address. It's possible (however unlikely) to get a false response otherwise.

**KenB** · 11-27-2020, 06:20 PM

Re: Need some advice on learning networking

Originally posted by BillyCarpenter

I was going deeper than that, I just used a bad example. Let me try again.

Lets say some rouge agent is handing out duplicate addresses. I want to find all devices on the same IP address and I want to find the source that's handing out the rouge IP addresses. What's the best way to do that?

Google is your friend. I found this with one simple search:

networking - How do I find if there is a rogue DHCP server on my Network? - Server Fault

**BillyCarpenter** · 11-27-2020, 06:25 PM

Re: Need some advice on learning networking

Originally posted by KenB

Google is your friend. I found this with one simple search:

networking - How do I find if there is a rogue DHCP server on my Network? - Server Fault

I did google it before I asked. There were a wide range of suggestions, I'm just not experienced enough to know the best option. Now, in the link you posted, I did read one method that I hadn't read. And that is to disable to primary DHCP server and see if I get response back from somewhere else. So, thanks for the link.

**KenB** · 11-27-2020, 06:33 PM

Re: Need some advice on learning networking

Originally posted by BillyCarpenter

I did google it before I asked. There were a wide range of suggestions, I'm just not experienced enough to know the best option. Now, in the link you posted, I did read one method that I hadn't read. And that is to disable to primary DHCP server and see if I get response back from somewhere else. So, thanks for the link.

You're welcome.

I think the best option would highly depend on what the customer's IT is willing to do, or let you do.

Not a "one size fits all" solution.

**BillyCarpenter** · 11-27-2020, 06:41 PM

Re: Need some advice on learning networking

Originally posted by KenB

You're welcome.

I think the best option would highly depend on what the customer's IT is willing to do, or let you do.

Not a "one size fits all" solution.

Point taken, my man. lol

I know I'm going well beyond what I'd normally encounter, but I just can't seem to help myself.

**slimslob** · 11-27-2020, 07:12 PM

Re: Need some advice on learning networking

For any Windows OS version the included the net command there was always net use lpt1 \printserver\printer where printserver is the IP address of the printer and printer is the hostname of the print device. It could be put in a batch file used to launch a program or even in the autoexec.bat file.

**Tricky** · 11-27-2020, 08:14 PM

Re: Need some advice on learning networking

Originally posted by BillyCarpenter

I was going deeper than that, I just used a bad example. Let me try again.

Lets say some rouge agent is handing out duplicate addresses. I want to find all devices on the same IP address and I want to find the source that's handing out the rouge IP addresses. What's the best way to do that?

err its been said before install wireshark if you have permission

**slimslob** · 11-27-2020, 08:37 PM

Re: Need some advice on learning networking

Originally posted by BillyCarpenter

I was going deeper than that, I just used a bad example. Let me try again.

Lets say some rouge agent is handing out duplicate addresses. I want to find all devices on the same IP address and I want to find the source that's handing out the rouge IP addresses. What's the best way to do that?

I had an account who was a county water agency. The county had setup a VPN so that the county's IT administer the network and county level administrators could log in and check aspect of operation. There were 3 addresses assigned for the VPN to use. When the county stopped providing IT support for various agencies the water agency with county approval hire a local IT individual but the county failed to inform him of the VPN. When we installed a new color MFP he unknowingly gave us an IP address that was one of the VPN addresses. I won't call the VPN a rouge agent but it did lead to an eventual IP conflict.

**KenB** · 11-27-2020, 10:11 PM

Re: Need some advice on learning networking

Originally posted by slimslob

I had an account who was a county water agency. The county had setup a VPN so that the county's IT administer the network and county level administrators could log in and check aspect of operation. There were 3 addresses assigned for the VPN to use. When the county stopped providing IT support for various agencies the water agency with county approval hire a local IT individual but the county failed to inform him of the VPN. When we installed a new color MFP he unknowingly gave us an IP address that was one of the VPN addresses. I won't call the VPN a rouge agent but it did lead to an eventual IP conflict.

I know this is a bit off topic, but I had a similar situation.

We once set up a Canon color machine (a large CLC model, back in the late '90s) in a major newspaper's graphics department.

The IT person was nice, but a total noob. He called his boss for the IP address to use, but said boss was "too busy" to get him one, and Mr. Bossman shrugged it off.

Mr. Noob gave us an IP address to put in, and it worked nicely.

We (I was training a new guy) trained the key op, and left, not knowing that the IP address was for the main file server.

Needless to say, that totally fubarred the network, but it took a while to determine that. Our pagers both went crazy about an hour after we left. Mr. Bossman was able to quickly determine the duplicated IP address. He unplugged the Fiery from the network, in a heartbeat.

We were told that had it been found much later than it was (something like 30 minutes) that there would not have been a paper printed for the next day. I can only image what that would have cost. Yikes!

**n25an** · 11-27-2020, 10:49 PM

Re: Need some advice on learning networking

Ok techs use their laptops to fix it issues
Good techs use the customers computers
Great techs walk the customer through the fix over the phone

I am ok to good.... but I have met great... they are sharp cookies

**BillyCarpenter** · 11-29-2020, 11:46 AM

Re: Need some advice on learning networking

A few days ago I got my wireless network card and router and I've been playing around with them since. Here's what I've learned;

-It's one thing to read about what you can do but it's much better to actually do it for real.
-I now understand what the hell is going on with wireless and ethernet connection.

Lets start with wireless. I was thoroughly confused a couple of week ago at a clients office because he had a 2 wireless routers on 2 different networks and a wireless PC and he was able to access the internet from both routers. Turns out as long as you have the same gateway on both routers, that's all you need. Nothing else is required. Simple enough but it had me confused.

Also, I set 2 routers up on 2 different networks and 2 printers on 2 different networks and by having 2 different IP addresses on my computer's NIC, I can print to both printers on the different networks. You can also have 2 different IP addresses on your wireless NIC card and do the same. I have to thank Ken for that information. It's kinda cool.

That's it for now.

**bsm2** · 11-29-2020, 01:04 PM

Re: Need some advice on learning networking

Originally posted by BillyCarpenter

A few days ago I got my wireless network card and router and I've been playing around with them since. Here's what I've learned;

-It's one thing to read about what you can do but it's much better to actually do it for real.
-I now understand what the hell is going on with wireless and ethernet connection.

Lets start with wireless. I was thoroughly confused a couple of week ago at a clients office because he had a 2 wireless routers on 2 different networks and a wireless PC and he was able to access the internet from both routers. Turns out as long as you have the same gateway on both routers, that's all you need. Nothing else is required. Simple enough but it had me confused.

Also, I set 2 routers up on 2 different networks and 2 printers on 2 different networks and by having 2 different IP addresses on my computer's NIC, I can print to both printers on the different networks. You can also have 2 different IP addresses on your wireless NIC card and do the same. I have to thank Ken for that information. It's kinda cool.

That's it for now.

One thing to check on client pc if can't print or scan to pc is does pc have a hard wire and wireless turned on.

Always use the hardwire connection faster

Disable the wireless

Need some advice on learning networking

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment