Wednesday, December 12, 2018

Did ya ever reset your router and discover you've lost your static IP configuration info?

The Problem

I just did that recently for a business client of mine. I was working on decommissioning a server, an old domain controller running the obsolete Windows Server 2003. The problem was that the DHCP service (which hands out IP addresses to computers on the local network) was running on this server. So, in order to decommission this server, I had to enable DHCP somewhere else on the network. The obvious choice was to turn on the DHCP service on the router.
After a few failed attempts to log into the router (the password for that was missing as well), I was left with having to perform a factory reset on the router. Once I was able to log into the router using the default, out-of-the-box credentials, I came to realize that the router needed static IP configuration information for the Internet connection. Then there was a moment of panic when I discovered that the business client no longer had the paper with the scribbled IP configuration information on it.
The ISP in this case is Frontier, which provides internet service for the business complex where my client occupies a small space. There is at least one central router in the building that provides service to subscribers within the complex. Each subscriber has an Ethernet cable running into their office that connects to the business's router. But, without knowing your assigned IP address block and gateway address, the router is pretty much useless for connecting to the internet. So, my first thought was to contact Frontier and get the IP configuration from them.
Well, that turned into hours on the phone getting information that was not useful at all in this scenario. They tried hard to find the information for me, but apparently the installer didn't record the static IP configuration information either. Frontier technicians tried checking their gateway to figure out the information, to no avail. Well, that was very discouraging.

The Solution

However, all was not lost. I unplugged the Frontier Ethernet wire from the router and plugged it directly into my laptop. The network interface, seeing no DHCP service, set a default IP configuration, which is not useful for meaningful communication on the network. However, that doesn't matter when using a tool like Wireshark, because capturing packets does not require a working IP configuration. I launched Wireshark, selected the network interface that the cable was plugged into, and clicked the "Start capturing packets" button. That is when I saw the ARP packets coming from the gateway.
The gateway sent an ARP packet to each of the IP addresses included in the local network subnet configuration. Obviously there weren't devices at those IP addresses, but Wireshark still captured the ARP packets that were sent to the IP addresses configured for the client's address block. So, right away, I knew the IP address of the gateway: it was the sender address in those ARP packets. Also, seeing the number of IP addresses that the gateway sent ARP packets to, I could calculate the subnet mask. There were 6 addresses plus the address for the gateway, so that requires 3 bits of the 32-bit IP address to be variable, and the remaining 29 bits will be the same for all these IP addresses. Therefore 29 bits are the mask, which translates to 255.255.255.248.
So, with that information, I could successfully configure the router. I didn't have Frontier's DNS IP addresses handy, so I just used Google's public DNS addresses (8.8.8.8 and 8.8.4.4). The client was back in business. And of course, I recorded the static IP configuration in a safe place so that this issue wouldn't happen again.
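
The same inference can be done in code instead of by eye. The following Python sketch is an added example, not something from the original troubleshooting session: it parses raw Ethernet ARP request frames, takes the busiest sender as the gateway, and derives the smallest subnet that fits every address seen. The function names are hypothetical and the frames are constructed sample data using documentation addresses (203.0.113.0/24), not the client's real block.

```python
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806

def parse_arp_request(frame):
    """Return (sender_ip, target_ip) for an Ethernet/IPv4 ARP request, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, oper=1 (request)
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, 1):
        return None
    # ARP body layout: sender MAC 22-27, sender IP 28-31, target MAC 32-37, target IP 38-41
    return ipaddress.IPv4Address(frame[28:32]), ipaddress.IPv4Address(frame[38:42])

def infer_network(frames):
    """Guess (gateway, network) from passively captured ARP requests."""
    asked = {}
    for pair in map(parse_arp_request, frames):
        if pair:
            asked.setdefault(pair[0], set()).add(pair[1])
    if not asked:
        raise ValueError("no ARP requests in capture")
    # Assumption: the gateway is the sender probing the most distinct addresses.
    gateway = max(asked, key=lambda ip: len(asked[ip]))
    hosts = asked[gateway] | {gateway}
    # The bits shared by the lowest and highest address are shared by all of them.
    lo, hi = int(min(hosts)), int(max(hosts))
    prefix = 32 - (lo ^ hi).bit_length()
    net = ipaddress.ip_network((lo, prefix), strict=False)
    # A host cannot use the network or broadcast address, so widen if one is seen.
    while prefix > 0 and (net.network_address in hosts or net.broadcast_address in hosts):
        prefix -= 1
        net = ipaddress.ip_network((lo, prefix), strict=False)
    return gateway, net

def sample_frame(sender, target):
    """Build a constructed ARP request frame (test data, not a real capture)."""
    mac = bytes.fromhex("020000000001")  # made-up locally administered MAC
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + mac
    arp += ipaddress.IPv4Address(sender).packed + b"\x00" * 6
    return eth + arp + ipaddress.IPv4Address(target).packed

SAMPLE = [sample_frame("203.0.113.17", f"203.0.113.{n}") for n in range(18, 23)]

if __name__ == "__main__":
    gw, net = infer_network(SAMPLE)
    print("gateway:", gw, "network:", net, "mask:", net.netmask)
```

The result is the smallest subnet consistent with what was captured, so a short capture that misses some addresses can produce a mask that is too narrow; let the capture run long enough for the gateway to cycle through its ARP requests.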