Finding IP of network if you have MAC address

Posted: Sun May 09, 2004 7:36 pm
by listenphish
Is there a utility that can find the IP address of a wireless station if you have the MAC Address? Kismet only gives you the IP.

I think this process is called reverse RAP, but I'm not sure.

It must be possible to do in the terminal, I just don't know how.

It's just that sometimes wireless access points that are DHCP change their IPs, so MAC addresses are the best way to keep track of them... I've seen people look up MAC addresses on a PC, so I know it's possible.

Thanks,
Alex

Posted: Fri May 21, 2004 8:09 am
by roeles
I think what you mean is called RARP (or Reverse ARP).
ARP is the Address Resolution Protocol, and translates IP to MAC.
RARP does the same the other way around (MAC to IP), but is seldom used.


If you can put your card in passive mode (or whatever that's called) and sniff with KisMAC, you could save it and open it with ettercap (my favorite sniffer :)). This should show you a list of IPs in the network (since you fetched their packets).

Posted: Fri May 21, 2004 7:12 pm
by Barry
In KisMAC, click on the network you want to see, wa-la, all the IP addys in that network.

Crap!!! Never mind, that shows the MACs. Sorry.

What do you need IPs for?

Posted: Fri May 21, 2004 8:01 pm
by G8tK33per
Barry wrote: What do you need IP's for?

Oh...nuthin', I'm in charge of my network and wuz jes wunderin how ta find 'em. Thass all... :rolleyes:

Posted: Sat May 22, 2004 12:11 am
by Madhadder
If you are using Cisco gear (switches & routers), this is very easy.

On your switch do a Show cam 00-00-00-00-00-00, replacing the 00's with the MAC addr. you are looking for. This will tell you which switch port/interface the PC is plugged into.

Next go to the first router that the switch connects to and do a sh ip arp 0000.0000.0000; this will give you the IP address, interface and other details.

Posted: Fri May 28, 2004 8:10 am
by roeles
What also might work (not tested though, so can ppl back this up plz?) is that you get your dump from KisMAC (the pcap file it saves automagically) and insert it into a nice sniffer (ettercap, ethereal, etc.). If there was some traffic, you should see the IPs there, since what you see is a 'replay' of what you sniffed earlier. If we only could do this in realtime :)
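
An added example, not written by any poster in this thread, of the capture-file approach described above: it reads a classic pcap and maps each MAC to the IPv4 addresses seen with it, marking whether the evidence is an ARP packet or only an IPv4 source address. It assumes Ethernet framing (pcap link type 1), so a dump of raw 802.11 frames would need converting first; the function names and the sample capture are constructed for illustration.

```python
import struct

def mac_to_ips(pcap):
    """Return {mac: {ip: evidence}} from a classic pcap with Ethernet framing."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:  # 1 = DLT_EN10MB
        raise ValueError("link type is not Ethernet")
    seen, off = {}, 24                      # records start after the 24-byte header
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 14:
            continue
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype == 0x0806 and len(frame) >= 42:
            # ARP: sender hardware/protocol address pair is the host's own claim
            mac, ip, how = frame[22:28], frame[28:32], "arp"
        elif ethertype == 0x0800 and len(frame) >= 34:
            # IPv4: the source MAC may be a router forwarding for a remote IP
            mac, ip, how = frame[6:12], frame[26:30], "ipv4"
        else:
            continue
        if ip == b"\x00\x00\x00\x00":       # ARP probe: host has no address yet
            continue
        ips = seen.setdefault(mac.hex(":"), {})
        addr = ".".join(map(str, ip))
        if ips.get(addr) != "arp":          # ARP evidence is never downgraded
            ips[addr] = how
    return seen

def build_sample():
    """Constructed capture: one ARP reply, one routed IPv4 frame, one ARP probe."""
    a, r = bytes.fromhex("001122334455"), bytes.fromhex("aabbccddee01")
    arp = lambda mac, ip: (b"\xff" * 6 + mac + b"\x08\x06" + bytes.fromhex("0001080006040002")
                           + mac + ip + bytes(6) + bytes([192, 168, 1, 1]))
    ipv4 = a + r + b"\x08\x00" + b"\x45" + bytes(11) + bytes([8, 8, 8, 8]) + bytes([192, 168, 1, 10])
    frames = [arp(a, bytes([192, 168, 1, 10])), ipv4, arp(r, bytes(4))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for mac, ips in mac_to_ips(build_sample()).items():
        print(mac, ips)
```

In the constructed capture the router's MAC shows up with 8.8.8.8 as "ipv4" evidence only, which is why entries backed by ARP are the ones to trust when tracking a station by MAC.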