Finding IP of network if you have MAC address

listenphish · 05-09-2004

Is there a utility that can find the IP address of a wireless station if you have the MAC Address? Kismet only gives you the IP.

I think this process is called reverse RAP, but I'm not sure.

It must be possible to do in the terminal, I just don't know how.

Its just that sometimes wireless access points that are dhcp change their IPs, so MAC addresses are the best way to keep track of them....I've seen people look up MAC Addresses on a PC, so I know its possible..

Thanks,
Alex

roeles · 05-21-2004

I think what you mean is called RARP (or Reverse ARP).
ARP is the Address Resolution Protocol, and translates IP to MAC.
RARP does the same the other way around (MAC to IP), but is seldom used.

If you can put your card in passive mode (or whatever that's called) and snif with KisMac, you could save it and open it with ettercap (my favorite sniffer

). This should show you a list of IP's in the network (since you fetched their packets).

Barry · 05-21-2004

in Kismac, click on the network you want to see, wa-la, all the ip addy's in that network.

Crap!!! Nevermind, that shows the mac's. Sorry.

What do you need IP's for?

G8tK33per · 05-21-2004

Quote:

Originally Posted by Barry

What do you need IP's for?

Oh...nuthin', I'm in charge of my network and wuz jes wunderin how ta find 'em. Thass all...

Madhadder · 05-22-2004

If you are using Cisco gear (Switches & Routers), this is very easy.
.
On your Switch do a Show cam 00-00-00-00-00-00, replacing the
00's with the MAC Addr. you are looking for. This Will tell you which
switch port/Interface the PC is plugged into..

Next goto the first router that the switch connects to and do a
sh ip arp 0000.0000.0000 this will give you the IP address,interface
and other details.

roeles · 05-28-2004

what also might work (not tested though,so can ppl back this up plz?)
is that you get your dump from kismac (the pcap file it saves automagically) and insert into a nice sniffer (ettercap, ethereal, etc..). if there was some traffic, you should see the IP's there, since what you see is a 'replay' of what you sniffed earlyer. if we only could do this in realtime

05-09-2004	#1 (permalink)
listenphish Registered Member Join Date: May 2004 Posts: 12	Finding IP of network if you have MAC address Is there a utility that can find the IP address of a wireless station if you have the MAC Address? Kismet only gives you the IP. I think this process is called reverse RAP, but I'm not sure. It must be possible to do in the terminal, I just don't know how. Its just that sometimes wireless access points that are dhcp change their IPs, so MAC addresses are the best way to keep track of them....I've seen people look up MAC Addresses on a PC, so I know its possible.. Thanks, Alex

05-21-2004	#3 (permalink)
Barry Managing the iTards. Join Date: Dec 2002 Location: Ohio Posts: 5,383	in Kismac, click on the network you want to see, wa-la, all the ip addy's in that network. Crap!!! Nevermind, that shows the mac's. Sorry. What do you need IP's for? __________________ Atheism is a non-prophet organization. Last edited by Barry : 05-21-2004 at 09:17 PM.

05-22-2004	#5 (permalink)
Madhadder General "Noob Basher" Join Date: Apr 2002 Location: Munich, Germany Posts: 1,620	If you are using Cisco gear (Switches & Routers), this is very easy. . On your Switch do a Show cam 00-00-00-00-00-00, replacing the 00's with the MAC Addr. you are looking for. This Will tell you which switch port/Interface the PC is plugged into.. Next goto the first router that the switch connects to and do a sh ip arp 0000.0000.0000 this will give you the IP address,interface and other details. __________________ Legends may sleep, but they never die!!!!

05-28-2004	#6 (permalink)
roeles warglider Join Date: May 2004 Posts: 12	what also might work (not tested though,so can ppl back this up plz?) is that you get your dump from kismac (the pcap file it saves automagically) and insert into a nice sniffer (ettercap, ethereal, etc..). if there was some traffic, you should see the IP's there, since what you see is a 'replay' of what you sniffed earlyer. if we only could do this in realtime __________________ I am a viral signature. Please copy me and help me spread. Thank you.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

05-21-2004	#2 (permalink)
roeles warglider Join Date: May 2004 Posts: 12	I think what you mean is called RARP (or Reverse ARP). ARP is the Address Resolution Protocol, and translates IP to MAC. RARP does the same the other way around (MAC to IP), but is seldom used. If you can put your card in passive mode (or whatever that's called) and snif with KisMac, you could save it and open it with ettercap (my favorite sniffer ). This should show you a list of IP's in the network (since you fetched their packets).