[Sarc]

So, today I took my PB to the Uni. for the first time. Pluged it to a network acces point, hoping for a DHCP server, wich wasn't there.
So, there I was, with no valid IP or network access.

Launched the Terminal and ran tcpdump (sudo tcpdump -i en0) to capture all packets in the newtwork. There I saw that the IP range was 172.xxx.xxx.xxx, so I assigned to me a random IP in that subnet, then I set up the router for 172.xxx.xxx.1 .. that worked, I could get access to IP's on the internet but no domain names. First problem, I had no DNS for the Uni's network. I ended up using my ISP's .. and voila, Internet access with loads of bandwith.

So I had some questions.
Is there an easy way to find the DNS server ? I thought of running nmap to the entire subnet but that takes some time. Anyone ?

Also, I tried using bittorrent, but it didn't work, so we are either NATed (I'm almost sure of this) or the ports are blocked.
Any way to make a SSH tunnel or something to use say port 80, or some way to get over NAT ? (since I obviously don't have access to the router).

Anyway, later I found out that if you ask for an IP the admin will give you one, you just need to sign a paper.

The questions here are for my personal knoledge though ...

Any help appreciated, thx.

[leperkuhn]

My School's Network (in certain buildings) required my MAC address to be given to the sys admin there.

[Person Man]

Originally posted by Sarc:

<Stuff cut>

So I had some questions.
Is there an easy way to find the DNS server ? I thought of running nmap to the entire subnet but that takes some time. Anyone ?

<Stuff cut>

Anyway, later I found out that if you ask for an IP the admin will give you one, you just need to sign a paper.

Well, if I were you I wouldn't run nmap on your university's network, nor would I run it on any network that didn't belong to you. Most system admins see that as a malicious act, and you could get in BIG trouble that way.

If asking them for an IP address gets you one, then I bet they'll tell you the DNS server addresses too.

[wataru]

At my university you have to log in through a special website before you can access anything. Maybe it's similar at yours.

[bstone]

I am a university sysadmin. While we do not run DHCP, if you did what you did on our network it would work until you kicked someone legit off. Then Network Security would trace your MAC address to a port and we'd be on your tail pretty quickly. Some of our subnets are absolutely filled, so this would become known soon. Other machines have been squatting for months and even years.

[Brass]

If you tried that stunt at the Uni where I work, you'd be in big trouble, and in danger of being expelled, as it is against the guidelines which everyone signs.

Even apart from the fact that you may have swiped somebody elses legitimate IP address and possibly disrupted their legitimate network usage.

Any reason why you went ahead and just did all this without actually asking the network administrators about the correct way?

[mitchell_pgh]

1/2 the time, the University will publish their DNS.

You could also do a search for it on Google...

[CharlesS]

Yeah, at the university where I go to school, there are a few Macs in the lab that can't connect to the internet because some jerk stole their IP addresses. It's very annoying, and it makes the Mac look bad - even though it's not the Mac's fault at all, people just see that it doesn't work and say "Oh, the Mac's networking is flaky."

[Brass]

Originally posted by CharlesS:
Yeah, at the university where I go to school, there are a few Macs in the lab that can't connect to the internet because some jerk stole their IP addresses. It's very annoying, and it makes the Mac look bad - even though it's not the Mac's fault at all, people just see that it doesn't work and say "Oh, the Mac's networking is flaky."

Yeah, TCP/IP is what's really flakey. It's such an old networking architecture... don't know if it will ever be replaced by anything better though... too much inertia.

[ratlater]

Using static IPs to run a large network, especially at a university is nuts. We have a few departments at the university I work at that wants to manage IPs manually (big headache for everyone). DHCP is so powerful that there is very little reason to not use it.

As far as locating a DNS server, you could try to sniff traffic looking for anything destined to UDP port 53. It is unlikely that your school has a DNS server on every subnet, so scanning the local network wouldn't be very helpful.

-matt

[Sarc]

jesus ppl. I did what I did because I-really-needed-internet-acces in that particular moment. And hell I know what it implies.
Please answer the god damn question.

Thx ratlater.
Anyone have any idea for making BT work ?

[bstone]

Originally posted by ratlater:
Using static IPs to run a large network, especially at a university is nuts. We have a few departments at the university I work at that wants to manage IPs manually (big headache for everyone). DHCP is so powerful that there is very little reason to not use it.

As far as locating a DNS server, you could try to sniff traffic looking for anything destined to UDP port 53. It is unlikely that your school has a DNS server on every subnet, so scanning the local network wouldn't be very helpful.

-matt

True DHCP is much easier and not nearly as time consuming. I wish we had that option but if we did then our subnets would fill so quickly and we'd be really screwed. VLANS a plenty but we can't keep up (talk to the IP admins).

[mitchell_pgh]

Originally posted by Sarc:
jesus ppl. I did what I did because I-really-needed-internet-acces in that particular moment. And hell I know what it implies.
Please answer the god damn question.

Thx ratlater.
Anyone have any idea for making BT work ?

Who... cool your jets...

mitchell_pgh to the rescue!!!

Behold, the power of the terminal...

Code:
[mitchell_pgh:~] mitchell_pgh% whois ucla.edu

This Registry database contains ONLY .EDU domains.
The data in the EDUCAUSE Whois database is provided
by EDUCAUSE for information purposes in order to
assist in the process of obtaining information about
or related to .edu domain registration records.

The EDUCAUSE Whois database is authoritative for the
.EDU domain.

A Web interface for the .EDU EDUCAUSE Whois Server is
available at: http://whois.educause.net

By submitting a Whois query, you agree that this information
will not be used to allow, enable, or otherwise support
the transmission of unsolicited commercial advertising or
solicitations via e-mail.

You may use "%" as a wildcard in your search. For further
information regarding the use of this WHOIS server, please
type: help

--------------------------

Domain Name: UCLA.EDU

Registrant:
   The Regents of the University of California
   Office of the Secretary of the Regents
   1111 Franklin Street, 12th Floor
   Oakland, CA 94607
   UNITED STATES

Contacts:

   Administrative Contact:
   Michael Stone
   UCLA Marketing & Communication Services
   10920 Wilshire Boulevard, #1500
   Los Angeles, CA 90024
   UNITED STATES
   (310) 794-6848
   marketing@support.ucla.edu


   Technical Contact:

   UCLA Network Operations Center
   UCLA Communications Technology Services
   Bldg CSB1 2nd floor
   741 Circle Dr South
   Los Angeles, CA 90095-1363
   UNITED STATES
   (310) 206-5345
   noc@noc.ucla.edu


Name Servers:
   DNS.UCLA.EDU         164.67.128.1
   DNS2.UCLA.EDU                164.67.128.2
   DNS3.UCLA.EDU                164.67.128.3
   ADNS2.BERKELEY.EDU   128.32.136.14

Domain record activated:    24-Apr-1985
Domain record last updated: 16-Oct-2003

[mitchell_pgh]

to see if you are behind a NAT

go to http://www.whatismyip.com/

and then check to see what your IP is in preferences... if they are the same, you aren't, if they are different, you are.

Bo ya... I'm on a roll...

[mitchell_pgh]

Yes, you can have SSH use port 80, but then you wouldn't have internet access.

This is the tip of the iceburg...

http://quark.humbug.org.au/publicati...t-forward.html

[Moose]

Originally posted by ratlater:
Using static IPs to run a large network, especially at a university is nuts. We have a few departments at the university I work at that wants to manage IPs manually (big headache for everyone). DHCP is so powerful that there is very little reason to not use it.

I'm pretty sure they're not using manual static addressing.

Not getting an IP address from a DHCP server doesn't mean that DHCP isn't being used.

[mitchell_pgh]

Originally posted by Moose:
I'm pretty sure they're not using manual static addressing.

Not getting an IP address from a DHCP server doesn't mean that DHCP isn't being used.

My university uses a bastardized version of DHCP.

[Sarc]

Originally posted by mitchell_pgh:
My university uses a bastardized version of DHCP.

bootp ?

[Person Man]

Originally posted by ratlater:
As far as locating a DNS server, you could try to sniff traffic looking for anything destined to UDP port 53. It is unlikely that your school has a DNS server on every subnet, so scanning the local network wouldn't be very helpful.

Again, I wouldn't recommend this for the same reasons I wouldn't recommend running nmap on a network that is not yours... if the sniffing is detected, it will be seen as a malicious act and would land you in a WORLD of trouble.

Bottom line, don't go snooping around a network that's not yours. This isn't the trusting internet of 15 years ago anymore. Sad, but true.

[ginoledesma]

The best people to ask would be your Systems Administrators. I'm sure they have their phone listed in your campus directory, and if the hotspot is available for public use, they'd give you instructions on how to set it up.

Another way would be to look up the configuration option of another PC or Mac that is on the network. You can usually "clone" the settings (save for the IP address, of course).

If asking isn't in your options, I think you can do a sweep of servers at port 53 (DNS), assuming your network follows standards. Some campuses have local DNSs per subnet that simply forward to centralized DNS servers, and these usually run at the first set of IPs in the block (usually ending in .1 or .2) or the end of the block (.254). Again, the best people to answer these would be your system administrators.

As for Bittorrent, its really hard to make it work if you're behind NAT, and layers and layers of NAT as it usually is in most campuses. The very least you'd have to do is to have a computer with global access map ports back to you, but that alone requires you to be able to initiate a direct connection to that computer.

[Person Man]

Originally posted by Person Man:
Again, I wouldn't recommend this for the same reasons I wouldn't recommend running nmap on a network that is not yours... if the sniffing is detected, it will be seen as a malicious act and would land you in a WORLD of trouble.

Bottom line, don't go snooping around a network that's not yours. This isn't the trusting internet of 15 years ago anymore. Sad, but true.

Note that I am not against people making these suggestions per se, but to not include a disclaimer like the above is irresponsible.

[dreilly1]

Originally posted by mitchell_pgh:
Behold, the power of the terminal...

Code:

Name Servers:
   DNS.UCLA.EDU         164.67.128.1
   DNS2.UCLA.EDU                164.67.128.2
   DNS3.UCLA.EDU                164.67.128.3
   ADNS2.BERKELEY.EDU   128.32.136.14

If the campus is being NAT'ed or firewalled or whatever, then the DNS server visible to the outside world may not necessarily be the same as the one used internally, right?...

[mitchell_pgh]

Originally posted by dreilly1:
If the campus is being NAT'ed or firewalled or whatever, then the DNS server visible to the outside world may not necessarily be the same as the one used internally, right?...

The university that I work at (not the one above) has our DNSs publicly listed, but I don't think you can connect to them if you aren't in the subnet.

[mitchell_pgh]

Originally posted by Person Man:
Note that I am not against people making these suggestions per se, but to not include a disclaimer like the above is irresponsible.

Yes/No

It's a university. You are there to learn. Read what you agreed to when you signed up for service. If they say no scanning of the network, then that's what you agreed to and you should stick to it.

If not, they you should feel free to scan, but understand that you may have to explain your actions (not likely considering they don't have your MAC address). Also realize that you may be placed on lists or questioned if found out. Scanning is usually associated with malicious activities, but it's almost impossible to track you down because MILLIONS of scans are done every day. You should learn how to scan appropriately...

P.S. Don't do anything dumb. Talk to the network people. Most of them aren't bad people. If they have a major problem with your computer, that's when you try what you are doing.

[CharlesS]

Originally posted by mitchell_pgh:
P.S. Don't do anything dumb. Talk to the network people. Most of them aren't bad people. If they have a major problem with your computer, that's when you try what you are doing.

Not necessarily - there's still another option. If they claim they don't support the Mac, you just do this:

"Okay, I have a box here running Windows XP. Now what?"

"Go to the Start menu, Control Panels, TCP/IP"

<click on System Preferences, Network>

"Okay, now what do I type in?"

etc.

[Kristoff]

In Soviet Russia, the University Network uses YOU!!!

oh, sorry...I thought I was on /. for a sec...

[mitchell_pgh]

Originally posted by CharlesS:
Not necessarily - there's still another option. If they claim they don't support the Mac, you just do this:

"Okay, I have a box here running Windows XP. Now what?"

"Go to the Start menu, Control Panels, TCP/IP"

<click on System Preferences, Network>

"Okay, now what do I type in?"

etc.

^ I've used this a few times... "Oh, you don't support Macs, well, how would you do it on Windows"

If they don't support Macs, ask "smart" questions... Do you use DHCP or static IP addresses etc. etc.

[mitchell_pgh]

Originally posted by Kristoff:
In Soviet Russia, the University Network uses YOU!!!

oh, sorry...I thought I was on /. for a sec...

True, very true...

[Person Man]

Originally posted by mitchell_pgh:
Yes/No

It's a university. You are there to learn. Read what you agreed to when you signed up for service. If they say no scanning of the network, then that's what you agreed to and you should stick to it.

If not, they you should feel free to scan, but understand that you may have to explain your actions (not likely considering they don't have your MAC address). Also realize that you may be placed on lists or questioned if found out. Scanning is usually associated with malicious activities, but it's almost impossible to track you down because MILLIONS of scans are done every day. You should learn how to scan appropriately...

P.S. Don't do anything dumb. Talk to the network people. Most of them aren't bad people. If they have a major problem with your computer, that's when you try what you are doing.

Not to nitpick or anything, but how can "feel free to scan" be compatible with "understand that you may have to explain your actions," and "also realize that you may be placed on lists or questioned if found out?"

Yes, you may not get caught, but there is always the chance that you could, and I have seen computer security departments make HUGE examples of the people who do get caught, even if the scanning or port mapping was unintentional.

Also, yes, you are at the university to learn. But, there's learning and then there's network abuse, and it is hard to distinguish between the two, and, by your own admission, once caught, you most likely will be considered guilty until proven innocent. I would imagine that computer science departments have "sandboxes" where people learning about networking or networking security can "play" without disrupting the rest of the campus.

And even if the terms of service don't explicitly mention these activities, you could still get in trouble if caught. In my opinion, the potential consequences of being caught (see above scenario), outweigh the (admittedly very small) risk of getting caught.

As I said earlier, any advice to port scan or sniff a network you don't administer, regardless of whether it is explicitly disallowed or not in the Terms of Service (besides, if not explicitly spelled out, there is usually a very broad statement about agreeing "not to use the network in an inappropriate manner"), should come with some type of warning that there is a risk of being caught. (i.e. CYA, so someone can't come back at you saying, "you told me to do this and I did it and got caught!")

[mitchell_pgh]

^ I agree

I meant that you should search for information. if a sandbox is available, use it, but at the same time, don't let it hinder you. I've never hacked a system, but I've done plenty of scanning. It's just that some people view scanning as malicious hacking and others see it as"part of the internet". It's a fine line.

You either view it as looking around for a public bathroom,
or
walking around a house trying to open every window and door...

I would simply play it cool. I highly recommend scanning intelligently. Do your homework, don't simply scan the entire network, pick what you are looking for and search for it.

Also, TCPdump is always considered malicious hacking. You will get in trouble if discovered.

[Kristoff]

Originally posted by mitchell_pgh:
True, very true...

....And what's with your sig?

[Kristoff]

Originally posted by mitchell_pgh:

Also, TCPdump is always considered malicious hacking. You will get in trouble if discovered.

C'mon...that's bologna.

I use TCPdump all the time. How would anyone even know you are using it? It's a local app that dumps your adapter traffic to stdout (or a file if specified). That coupled with Ethereal are the most valuable tools for debugging any sort of code you've written that uses the network. I would venture to say that NMAP is viewed as malicious when tcpdump is viewed as a useful tool. That's why OS X comes with tcpdump and not nmap (which is quite trivial to compile, btw).

Also, network admins know exactly which router/switch ports a scan originated on. So, if you're in your dorm room plugged into the net, it's quite trivial to track you down. I speak from experience here.

So, my advice (which isn't much different) is:
Feel free to tcpdump (on your own machine) whenever you want.
Read the dump files with Ethereal to help understand what's going on.
nmap with caution only when you are trying to find something specific and are justified in your attempt to locate the host/port. Never use abusive scanning techniques.

[Sarc]

Originally posted by Kristoff:
So, my advice (which isn't much different) is:
Feel free to tcpdump (on your own machine) whenever you want.
Read the dump files with Ethereal to help understand what's going on.

what can I gain by reading the dumps on ethereal that I can't see in tcpdump ?
(I don't feel like installing fink, downloading ethereal, etc, unless of course there's a new OS X package that I don't know of that doesn't require X11)

thx

[Kristoff]

dude, I hate Fink.

Just download the Ethereal source, untar, ./configure, make, make install

End of story

And I can't answer your question in this tiny space. Ethereal is an extremely power analyzer. tcpdump just gets you the stream.

If you want to know what all Ethereal can do, check it out yourself.