Jump to content
Sign in to follow this  
robzy

Where is 192.168.1.1 coming from?

Recommended Posts

robzy@cookiemonster:~$ ifconfig
eth0	  Link encap:Ethernet  HWaddr 00:19:66:25:9b:de
		  inet addr:192.168.0.14  Bcast:192.168.0.255  Mask:255.255.255.0
		  inet6 addr: fe80::219:66ff:fe25:9bde/64 Scope:Link
		  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
		  RX packets:29494234 errors:0 dropped:0 overruns:0 frame:0
		  TX packets:58503724 errors:0 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:1000
		  RX bytes:874153024 (874.1 MB)  TX bytes:3577527543 (3.5 GB)
		  Interrupt:22 Base address:0xb800

lo		Link encap:Local Loopback
		  inet addr:127.0.0.1  Mask:255.0.0.0
		  inet6 addr: ::1/128 Scope:Host
		  UP LOOPBACK RUNNING  MTU:16436  Metric:1
		  RX packets:570879 errors:0 dropped:0 overruns:0 frame:0
		  TX packets:570879 errors:0 dropped:0 overruns:0 carrier:0
		  collisions:0 txqueuelen:0
		  RX bytes:41448915 (41.4 MB)  TX bytes:41448915 (41.4 MB)

robzy@cookiemonster:~$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.957 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.752 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=1.14 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.752/0.952/1.149/0.165 ms

robzy@cookiemonster:~$ traceroute 192.168.1.1
traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  6.563 ms  6.594 ms  6.655 ms

But....

 

robzy@cookiemonster:~$ arp -na
? (192.168.0.1) at 00:26:f2:d2:01:fe [ether] on eth0
? (192.168.0.11) at 00:16:e6:de:26:58 [ether] on eth0
? (192.168.0.13) at 00:16:e6:8d:c5:3c [ether] on eth0
robzy@cookiemonster:~$

I'm getting similar results in my Win7 box on the same network.

 

Where is 192.168.1.1 coming from?

 

Rob.

 

 

Firing up Wireshark on Win7 I found that both a PING to .0.1 and to .1.1 go to the Netgear router MAC, and both REPLYs come from the Netgear Router MAC.

 

I wonder why the Netgear router is creating a 192.168.1.1 on a subnet that shouldn't have it.

 

Rob.

Share this post


Link to post
Share on other sites

Makes sense that the response will be coming from the router as it is is most likely your default gateway. As to why it has what network configured on the router, it might have a separate DMZ or maybe and alternate VLAN setup with that IP assigned.

Share this post


Link to post
Share on other sites

Must live on the router, probably a virtual interface like some others have said.

Share this post


Link to post
Share on other sites

As to why it has what network configured on the router, it might have a separate DMZ or maybe and alternate VLAN setup with that IP assigned.

But why? And why would it be reachable from an external interface?

 

Rob.

Share this post


Link to post
Share on other sites

Does your router have Wireless as well? Some routers will have a Wireless VLAN seperate from the Wired VLAN... That could explain why it's there?

 

Otherwise, see if you can check your static routes in your router, because for 0.0 and 1.0 to talk to each other there needs to be some kind of route between them.

Share this post


Link to post
Share on other sites

Must live on the router, probably a virtual interface like some others have said.

+1 or it's an alias.

Share this post


Link to post
Share on other sites

Check your routers config, and see that your firewall is configured correctly, etc. Have a good luck, unplug it from the outside while making sure.

Share this post


Link to post
Share on other sites

Nope, WLAN is .0.0/xx too.

 

This, I think, is the routing table... which mentioned the .0.1/xx subnet, but doesn't really seemto give much info into it:

 

Routing Table
Destination 	Gateway 	Mask 	Flags 	Interface
0.0.0.0 	10.80.0.1 	0.0.0.0 	UG 	bcm0
10.80.0.0 	10.80.0.0 	255.255.0.0 	U 	bcm0
10.222.64.0 	10.222.64.0 	255.255.192.0 	U 	bcm5
127.0.0.0 	127.0.0.1 	255.0.0.0 	UG 	UG
127.0.0.1 	127.0.0.1 			  U 	U
192.168.0.0 	192.168.0.0 	255.255.255.0 	U 	bcm4
192.168.1.0 	192.168.1.0 	255.255.255.0 	U 	bcm4
192.168.2.0 	192.168.2.0 	255.255.255.0 	U 	bcm4
192.168.3.0 	192.168.3.0 	255.255.255.0 	U 	bcm4
192.168.100.0 	192.168.100.0 	255.255.255.0 	U 	bcm1
220.239.206.0 	220.239.206.0 	255.255.255.0 	U 	bcm2

And yes, .2.1 and .3.1 are also pingable (But .4.1 isn't).

 

Rob.

Share this post


Link to post
Share on other sites

The config file, unfortunately, looks like binary - not ASCII.

 

No results for "192.168" at all.

 

[edit]: Duh! It's binary. Which means I'm looking for C0A8 (or visa versa depending on endianess). Found a hit, but have to run out now, so no time to look into it :P

 

Rob.

Edited by robzy

Share this post


Link to post
Share on other sites

Ah, I know the DG834's config is text.

 

Possibly it's by design for some reason. Or have you ever changed the router's IP to those you can ping? If so, perhaps it just adds aliases or something when you make changes.

 

Either way it's dodgy, but it's no big deal unless you wanted to use those addresses.

Share this post


Link to post
Share on other sites

Or have you ever changed the router's IP to those you can ping? If so, perhaps it just adds aliases or something when you make changes.

Either way it's dodgy, but it's no big deal unless you wanted to use those addresses.

It shouldn't be any big deal, but now I'm very curious :P

 

Rob.

Share this post


Link to post
Share on other sites

I'm curious to find out if a 192.168.1.1 static address device added to the network cries or not.

 

Not helpful. But curiousity.

 

AD

Share this post


Link to post
Share on other sites

Which router do you have?

I have seen .... odd.... arp / MAC occurrences in a few of the units, so I'm not totally surprised by what you are saying. Would still be interesting to look into though.

Share this post


Link to post
Share on other sites

done a portscan on 192.168.1.1?

Yeah, should've mentioned, zilch. Not stealthed though, they appear to respond RST.

 

Which router do you have?

I have seen .... odd.... arp / MAC occurrences in a few of the units, so I'm not totally surprised by what you are saying. Would still be interesting to look into though.

Netgear somethingorother with built in DOCSIS modem. Although .1.1 doesn't seem to be connected to the modem at all.

 

Rob.

Share this post


Link to post
Share on other sites

Have you tried connecting to 192.168.1.1 in a browser?

They may have it there so the manual instructions still work, even if you change the IP address, to help retards configure their system.

Share this post


Link to post
Share on other sites

Have you tried connecting to 192.168.1.1 in a browser?

No ports are opened, including port 80.

 

Rob.

Share this post


Link to post
Share on other sites

Netgear somethingorother with built in DOCSIS modem. Although .1.1 doesn't seem to be connected to the modem at all.

Ah, cable!

 

The DOCSIS modem part of your router probably has that IP.

 

When I had Bigbong cable, the Motorola modem had that IP internally, even though it gave a public IP to my router box.

 

You can't do much with it, it's mainly for diagnostics. It tells you signal and noise levels. Riveting.

 

If you tracert to 192.168.1.1, you'll probably find its going through your gateway to get there. Re-read OP, nm.

Edited by SquallStrife

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×