kismet will sometimes show you the IP range

Not sure I understand the question.

You own the AP and have all the keys, passphrases, etc... and don't know the IP range in use?? Easiest way, if you own the AP, is to login and check what is in use. Most will probably be on the default range of 192.168.1.100 and up. that's for linksys at least.

If you want to sniff the network for addresses in use then you are limited with wireless nics on windows. For sniffing you cannot place the card into passive/promisc mode unless you get the airpcap drivers from CACE.

You could just run wireshark and wait for any broadcast traffic to hit the wireless nic..

alternatively, run linux and use Kismet.

or start guessing.

dean

I don't know if Languard can help you with this, but surely Kismet can.

Just put your card into promiscous mode and start Kismet, and if there is enough traffic finaly it will display also the network range used by the wireless network.

hi this is a little something i got for you
as long as you are connected to the network you can do an arp -a or -g at the windows command prompt.
if dhcp is disabled there will by all means be a default GW that allows you to reach the internet or the rest of the network.
this should work because arp maps IP to MAC, then after you get a single IP detect the class of IP eg. class A,B or C.

the  ;)hardway is to ping all host with in the network or subnet

sorry if this is a long method but as a hacker(ethical) you must do what ever it  take to get what you want.

hope this works if it doesn't please let me know.

NB:software tools were created by the human mind so you can think and create one for your self.