A common scenario I have is walking up to an unfamiliar system to commission, modify or fix something. More often than not, that involves connecting to something on a network. So how do I know what the connection details (IP address, subnet mask, etc) are?
Getting a general idea…
The general plan is to at least start with finding the relevant network range (subnet). That gives you somewhere to start searching. For the TL:DR, just look at the headings of the following steps…
1. Check with the owner
First question: is the network managed by another person/party? If so, stop. Ask for details on at least getting on the network. This is especially important when dealing with secure networks; plugging into random equipment there isn’t looked upon with much favour… If the network manager is any good, they will be able to tell you the details of the equipment as well anyway.
In my experience, that’s rare though (although it seems to be changing). For many systems, it will just be a bunch of gear sitting on its own switch. So here’s what I normally check next to at least get an idea of the network itself:
2. Front panels and displays
An obvious place to start looking is at anything with a display or front panel. Some rack gear with a display (e.g. Crestron DigitalMedia switchers, AMX DVX controllers, Clearone DSPs) is often on the network, so can be brought up quickly. Setup pages of touch panels and Ethernet connected displays/projectors are other devices that come to mind.
Just be aware that devices that are either user connectable or for conferencing often are on a different network range. Examples could video conference codecs and network based presentation devices (e.g. Barco ClickShare, Crestron AirMedia) and video recorders.
3. Manufacturer tools
Some manufacturers have software tools that assist in finding their devices on the network( E.g. Crestron Toolbox’s ‘Device Discovery Tool’, AMX Netlinx Studio’s ‘Listen for Masters…’, Biamp Tesira’s ‘Connect to System’). Give these a quick go to see what turns up.
4. DHCP
It’s possible that there is a DHCP server already on the network somewhere. That makes it pretty easy; your laptop will be given an IP address that (hopefully) is on the same range as the devices that are there. Even on a standalone network, newer control systems sometimes run their own server (e.g. Crestron’s ‘Control Subnet’, AMX’s ‘ICS LAN’). If it’s not standalone the result is worth double checking as sometimes switch ports and/or MAC addresses might be assigned to different networks.
Assuming there aren’t any running DHCP servers, you can run your own. This is usually only relevant when first configuring devices, or if the device’s network connection isn’t otherwise used (such as a DSP that’s being controlled via RS-232). I personally use Dual Server, mainly because it’s free and quick to get something basic going. The console lists addresses as it allocates them, and it also has a web interface to show active leases. I’ve also heard of TFTPD, which may also come in handy for the TFTP part.
5. Documentation and code
While I monitor my DHCP server for anything popping up, I have a poke through any code and documentation that I have handy (ideally I’ve already looked through this in advance anyway). I commonly see network details in:
Schematics; if the system designer knew the network plan in advance it might be noted down. It’s always good to be across what’s in the system anyway. Workspace files; for example in Crestron that would be the .ctw file (pretty rare to find it), for AMX that would be the .axw file (commonly there). Code files; there might be external devices defined that the control system talks to on the network. In Crestron that might be in the device settings under the control system’s Ethernet port or in the device module’s parameters. In AMX, look for any device definitions that have a 0 as the device (e.g. Device:Port:System of 0:1:0). Configuration and log files; exported or saved configuration/log files from DSPs, video switchers, etc might have some record of at least its own IP address
6. USB and serial ports
A lot of devices will have alternative interfaces that you can use to access them. Previously, RS-232 was normal but USB is a lot more common now. Connecting to one of these might help with finding some network details.
RS-232 is usually straightforward once you know the baud, parity, etc (funky connectors/pinouts aside). Fire up you favourite terminal program (a few I use are Putty, TeraTerm and RealTerm) and try some random commands: enter, ‘?’, ‘help’… whatever to try and get some info back. If you don’t get anything try rebooting the box; sometimes it will spit out some info during the boot sequence.
USB could be just a terminal emulation of sorts; it just creates a serial port connection. Otherwise, there are often proprietary programs to use (Crestron Toolbox, AMX Netlinx Studio, Lightware Device Controller, etc).
7. Wireshark
Still nothing? Can’t get physical access to the equipment (which removes a lot of options)?
It’s sometimes possible to find details just by monitoring broadcast traffic on the network (broadcast, because it means you might receive it without even needing to be on the same subnet. I use Wireshark for this. Fire it up, select your interface, then keep an eye on what traffic is floating around.
Some devices broadcast discovery packets (like AMX’s ICSP ‘blink’ on port 1319, or Crestron’s autodiscovery on port 41794). Sometimes rebooting the unit generates some traffic.
Figuring out the results is a lot easier if you are on an isolated network. Basically it involves looking for traffic that a) is not from your own computer, and b) contains some clue as to what network addresses are on the network (ARP packets are good for this).
Now what…
There is a good chance you have found the details of the specific device by now, but if not you can now start narrowing it down. You could start by scanning the network range for all of the present IP addresses. I use an older version of SoftPerfect Network Scanner (while it was still free), but Angry IP Scanner is another option. You can then filter the list by MAC address, as that will often tell you the brand of the device; each manufacturer mostly uses a specific MAC address OUI. (this can also be used to filter the WireShark results from above, using ‘eth.src contains xx:xx:xx’)
For example:
- Crestron – 00:10:7F
- AMX – 00:60:9f
- Extron – 00:05:A6
- Biamp – 00:90:5e
- Clearone – 00:90:79
You can also play the game of ‘spot the difference’; scan the network, unplug the device, scan again, see what’s missing. Failing that, now that you know the expected network range, plug straight into the device and scan again. If all else fails, run around screaming with your hands in the air… (or just ask me for more ideas)