SUMMARY: obtaining MAC address of any system from Paul A. Scowen on 1998-02-24 (tru64-unix-managers)

From: Paul A. Scowen <PAUL.SCOWEN_at_ASU.Edu>
Date: Mon, 23 Feb 1998 10:28:18 -0700 (MST)

I had a lot of responses but no satisfactory solution. Thanks to:

scott.b.skeate_at_lmco.com
Mike Iglesias <iglesias_at_draco.acs.uci.edu>
Alex_Nord_at_Jabil.com
Thomas Leitner <tom_at_finwds01.tu-graz.ac.at>
Wesley Darlington <w.darlington_at_am.qub.ac.uk>
Paul Norton <pnorton_at_ccnvhi.com>
"Burelbach, Jonathan" <jburelba_at_exchange.nih.gov>
Martin Mokrejs <mmokrejs_at_prfdec.natur.cuni.cz>
Gary Gladney <GLADNEY_at_stsci.edu>
Nicolas Michal <nmichal_at_ups.edu>
Bertrand Hutin <hb_at_o2tech.fr>
Tom Webster <webster_at_ssdpdc.lgb.cal.boeing.com>
"Robert L. McMillin" <rlm_at_syseca-us.com>

The consensus was that ARP does in fact work with all architectures, the
trick is finding some quick way to populate the ARP table with their
addresses - ping generally only works with intelligent OS's. A good
suggestion was to ping the broadcast address for your subnet - that nails all
respondent machines at once. But this won't find Mac's and PC's. Telnet to
some of these machines will work. Once you've got a response, you will see
the MAC address in your ARP table.

BUT, and this is the big one, this all will only work, or mean anything for
your local subnet. If you have a router between you and the offending
machines you're SOL. The ARP address returned will be that of the router,
which ain't a lot of use.

FYI I found one bad boy machine, but there are two others out there on campus
getting in to my subnet and causing havoc. This mechanism does not help.

Arpwatch is somewhat useful and will at least resolve the IP address of the
machine doing the dirty deed - from there I can go through DNS to find them -
but the MAC id is not legit.

If you want to build arpwatch locally, get the source from:

ftp://ftp.ee.lbl.gov/arpwatch.tar.Z
and, ftp://ftp.ee.lbl.gov/libpcap.tar.Z

useful tool.

-- 
-------------------------------------------------------------------------------
Paul A. Scowen                       | Internet: scowen_at_tycho.la.asu.edu
Dept of Physics & Astronomy          |           paul.scowen_at_asu.edu
Arizona State University             | World Wide Web:
Box 871504, Tempe, AZ 85287-1504     |    http://tycho.la.asu.edu/scowen.html
Tel/FAX: (602) 965-0938 / 7954       |    http://tycho.la.asu.edu/sah.html
-------------------------------------------------------------------------------

Received on Mon Feb 23 1998 - 18:30:48 NZDT

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:37 NZDT