Get IP address from BSSID

15,593

You can't do that if the target access point is protected with WPA/WPA2.

This is why. Getting WiFi to work involves the following steps:

  • Associate with the target access point. If the access point is using WPA/WPA2 and you don't know the password, then you cannot proceed to further steps, and certainly cannot know anything about the IP address of the target access point.
  • After association, your client (which is typically configured to use DHCP) has no IP address assigned (its IP address is 0.0.0.0). Technically, you can use a sniffer at this stage to scan the network and find out the IP addresses used, but most sniffers don't like to work with the 0.0.0.0 address. To proceed further, your client sends a DHCP request, which is served by the access point. After getting a successful DHCP ack with a new IP address, the client can proceed to the next step.
  • After getting an IP address, the client can talk to the access point and finally knows its IP address (it was served as the default router in the DHCP ack) - and that would be the answer to your question (yes, that late in the game!). However, even at that point, full network connectivity cannot be assumed. If the access point implements a captive portal, then your network access may be restricted until you open up a web browser and (depending on the wireless provider) either accept usage terms, provide some credentials or pay with a credit card.
  • After passing the captive portal, it is possible (but not common) that the access point automatically re-associates and gives you a completely different IP address (and the access point also has a different IP address now, from a completely different subnet). This would mean that the IP address you learned in the previous steps was completely useless to you in terms of knowing the actual network infrastructure.
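
The third step above says the client learns the access point's address from the default router served in the DHCP ack. As an added example (not part of the original answer), this Python sketch parses a constructed DHCPACK and reads the Router option (option 3); the function names and every address in the sample packet are made up for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the DHCP options (RFC 2131)

def parse_dhcp_reply(payload: bytes) -> dict:
    """Return what a client learns from a BOOTP/DHCP reply (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"your_ip": socket.inet_ntoa(payload[16:20]),  # yiaddr field
            "msg_type": None, "routers": [], "server_id": None}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:              # End option
            break
        if code == 0:                # Pad option: single byte, no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == 53 and length == 1:       # DHCP message type (5 = ACK)
            info["msg_type"] = value[0]
        elif code == 3 and length and length % 4 == 0:  # Router option
            info["routers"] = [socket.inet_ntoa(value[j:j + 4])
                               for j in range(0, length, 4)]
        elif code == 54 and length == 4:     # Server identifier
            info["server_id"] = socket.inet_ntoa(value)
        i += 2 + length
    return info

def build_sample_ack() -> bytes:
    """Constructed DHCPACK for illustration; every address here is made up."""
    ip = socket.inet_aton
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x12345678,
                         0, 0, ip("0.0.0.0"), ip("192.168.1.57"),
                         ip("192.168.1.1"), ip("0.0.0.0"),
                         bytes.fromhex("020000000001"), b"", b"")
    options = (b"\x35\x01\x05" + b"\x36\x04" + ip("192.168.1.1")
               + b"\x01\x04" + ip("255.255.255.0")
               + b"\x03\x04" + ip("192.168.1.1") + b"\xff")
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(parse_dhcp_reply(build_sample_ack()))
```

The gateway address appears only in the options of a reply the client receives after association, which is why it is not available from the BSSID alone.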
Author by

Daniel


Updated on June 04, 2022

Comments

  • Daniel
    Daniel almost 2 years

    I am doing some penetration testing, and I'm trying to find out if I can get the IP address of a router if I got the BSSID, or any I can get with the AIR tools?

    I use Linux Kali with the Air tools atm.

    I would say this is pretty damn bad if it's possible. Basically most people's routers can be reached through their outside IP. Even companies. :O

    So far I tried:
    - Passive TCPDUMP
    - Active scanning

    So basically, is there a way? If so, please give me a hint or the answer :-)

    I am 100% referring to some sort of scanning. All kinds of cracking, bruteforce, password guessing, access stealing is not what I'm asking about :-)

  • Daniel
    Daniel over 10 years
    Super, great answer. Thanks :)