Open question: How to find the IP address of a device?
As I understand, there are no guaranteed methods that work always, but there's a hundred approaches that work in specific situations, and I'd like to learn as many as possible.
The typical scenario is:
We receive some device from a customer to reconfigure/refurbish/repair. It's embedded, can be accessed over TCP/IP only. We either can't reset it to defaults (obscure procedure and no documentation) or the defaults are very obscure (we recently got one that defaulted to 10.100.0.111). Recovering login/password is a totally separate problem, first we need to access its web interface, and in order to do that we need to know its IP address.
The device is in our hands, locally – Wireshark, network sniffing, hard reset, all that is perfectly fine. Quite often the sticker with the MAC address is in place, so we know the MAC. This is not always the case but often a route to be investigated.
We have Linux and Windows workstations dedicated to service work that can be used for diagnostics. We have some electronics (like an oscilloscope) too, if bad comes to worse. We can set-up mostly any software we want on them.
If there's a need, we can leave the probe/scan running overnight or even over a couple of days, though faster solutions are definitely preferred.
Best Answer
For case when you don't know the MAC address:
You can generate regular ARP requests against all possible IP addresses with a tool such as nmap, by tuning the nmap option to be agressive. You will probably get a result in few minutes.
If the device is sending data by itself (at boot for example) you can just run Wireshark to sniff packets and get its MAC address (and maybe the IP address at the same time).