Finding IP of network if you have MAC address

Finding IP of network if you have MAC address

Postby listenphish » Sun May 09, 2004 7:36 pm

Is there a utility that can find the IP address of a wireless station if you have the MAC Address? Kismet only gives you the IP.

I think this process is called reverse RAP, but I'm not sure.

It must be possible to do in the terminal, I just don't know how.

Its just that sometimes wireless access points that are dhcp change their IPs, so MAC addresses are the best way to keep track of them....I've seen people look up MAC Addresses on a PC, so I know its possible..

Thanks,
Alex
listenphish
Mini Stumbler
 
Posts: 12
Joined: Sun May 09, 2004 7:32 pm

Postby roeles » Fri May 21, 2004 8:09 am

I think what you mean is called RARP (or Reverse ARP).
ARP is the Address Resolution Protocol, and translates IP to MAC.
RARP does the same the other way around (MAC to IP), but is seldom used.


If you can put your card in passive mode (or whatever that's called) and snif with KisMac, you could save it and open it with ettercap (my favorite sniffer :)). This should show you a list of IP's in the network (since you fetched their packets).
User avatar
roeles
 
Posts: 12
Joined: Fri May 21, 2004 8:01 am

Postby Barry » Fri May 21, 2004 7:12 pm

in Kismac, click on the network you want to see, wa-la, all the ip addy's in that network.

Crap!!! Nevermind, that shows the mac's. Sorry.

What do you need IP's for?
Never do anything you don't want to explain to the paramedics.
User avatar
Barry
 
Posts: 5713
Joined: Sat Dec 28, 2002 11:10 pm
Location: Ohio

Postby G8tK33per » Fri May 21, 2004 8:01 pm

Barry wrote:What do you need IP's for?

Oh...nuthin', I'm in charge of my network and wuz jes wunderin how ta find 'em. Thass all... :rolleyes:
"Make yourselves sheep and the wolves will eat you." ~ Benjamin Franklin

Sons of Confederate Veterans
User avatar
G8tK33per
 
Posts: 6078
Joined: Fri May 09, 2003 4:00 am
Location: Goomba's Booty Boardwalk

Postby Madhadder » Sat May 22, 2004 12:11 am

If you are using Cisco gear (Switches & Routers), this is very easy.
.
On your Switch do a Show cam 00-00-00-00-00-00, replacing the
00's with the MAC Addr. you are looking for. This Will tell you which
switch port/Interface the PC is plugged into..

Next goto the first router that the switch connects to and do a
sh ip arp 0000.0000.0000 this will give you the IP address,interface
and other details.
Legends may sleep, but they never die!!!!
User avatar
Madhadder
 
Posts: 1619
Joined: Sat Apr 13, 2002 5:37 am
Location: Munich, Germany

Postby roeles » Fri May 28, 2004 8:10 am

what also might work (not tested though,so can ppl back this up plz?)
is that you get your dump from kismac (the pcap file it saves automagically) and insert into a nice sniffer (ettercap, ethereal, etc..). if there was some traffic, you should see the IP's there, since what you see is a 'replay' of what you sniffed earlyer. if we only could do this in realtime :)
I am a viral signature. Please copy me and help me spread. Thank you.
User avatar
roeles
 
Posts: 12
Joined: Fri May 21, 2004 8:01 am


Return to Mac OS

Who is online

Users browsing this forum: No registered users and 1 guest

cron