Re: How can I find a MAC address from aremote IP ?
by arhuman (Vicar) on Mar 30, 2001 at 19:06 UTC
|
NetPacket::ARP should be able to do the job...
or using `arp -a` and a regex (dirty but works on unix and windows...)
(It may be useful to ping the host before using arp to refresh the arp table in the case the entry is not present)
"Only Bad Coders Badly Code In Perl" (OBC2IP)
| [reply] [Watch: Dir/Any] |
|
Hmm.. You sure arp works on a distant remote IP?
From memory, it's only local subnet.
Plus, I don't think you get a valid MAC address from a PPP link either.
| [reply] [Watch: Dir/Any] |
|
Nothing is going to tell you the MAC address of something that is not within your local broadcast domain! You'd have to get some code to run in the local broadcast domain of the remote IP address and have it forward you the information.
And PPP links don't have MAC addresses. A MAC address is an Ethernet thing and you don't run PPP over Ethernet.
So I would assume that the original question was asking for a MAC address of an Ethernet (and non-PPP) adapter that was not local to the computer but that was in the local broadcast domain -- nothing else makes much sense. So ARP is the most logical answer.
-
tye
(but my friends call me "Tye")
| [reply] [Watch: Dir/Any] |
|
|
Oops ! You're right arp will only work with local IP addresses...
(I always forget to mention...)
"Only Bad Coders Badly Code In Perl" (OBC2IP)
| [reply] [Watch: Dir/Any] |
|
| [reply] [Watch: Dir/Any] |
Re: How can I find a MAC address from aremote IP ?
by ChOas (Curate) on Mar 30, 2001 at 19:03 UTC
|
Hey
I don`t know how deep Perl can go under the IP stack
but just one comment:
If you are looking at a remote IP the only source MAC
address you will find on that packet is the one of the
last router/host/hop it went through...
I hope that is what you are looking for, coz it wont
get any better than that
GreetZ!,
print "profeth still\n" if /bird|devil/; | [reply] [Watch: Dir/Any] |
|
I have a similar problem. Somewhere on our network there is a RAS that's bugging my SCO UNIX box every few seconds. The result is the bootp program filling the syslog with error messages about a bad address from this MAC address. The address is 52.41.53... and that's a RAS. But I can't find this offending device by the MAC address.
I found some software that hunts down all the MAC addresses on my subnet, but no further.
Any suggestions?
| [reply] [Watch: Dir/Any] |
|
Total non Perl reply, but just a reply to try and help you:
There is no way that you can find MAC addresses outside
your subnet, in fact,all ARP and RARP requests are limited to the segment(s) you`re in...(searching from)
GreetZ!,
print "profeth still\n" if /bird|devil/;
| [reply] [Watch: Dir/Any] |
|
im really sorry i have no idea about it
but if u want any info abt ip address
just visit this site
http://www.ip-details.com
| [reply] [Watch: Dir/Any] |
Re: How can I find a MAC address from aremote IP ? (MAC n' IP cheese)
by ybiC (Prior) on Mar 30, 2001 at 22:47 UTC
|
As wise monks have already stated above:
- arp only works for IP address from your local (segment|subnet|broadcast domain)
- if you try to arp-resolve an IP address from a different subnet, the resulting MAC address will be that of the router interface nearest you.
- MAC addresses are an Ethernet (not PPP) thang
Token-Ring and FDDI devices also have MAC addresses but, IIRC, you get into (big|little)-endian stuff there.
Arcnet and Appletalk used their own funkomatic hardware addressing schemes.
If you are indeed looking for the MAC address of a local-to-your-LAN-segment device, (code) MAC n' IP cheese includes code of OWTDI.
cheers,
Don
bumbling toward Perl Adept
(it's pronounced "why-bick")
Update: I was thinking of IPv4 only.
As lhoward points out, IPv6 is substantially different.
Update 2: Working from riffraff's Re: Re: Re: How can I find a MAC address from aremote IP ? post above, I found that (code) MAC n' IP cheese can work for remote segments just by replacing the "Querying ARP table..." section with
snmpwalk <router_name_or_address> <community_string> IpnetToMediaPhysAddress
Woo-hoo! 8^) | [reply] [Watch: Dir/Any] [d/l] |
Re: How can I find a MAC address from aremote IP ?
by lhoward (Vicar) on Mar 30, 2001 at 22:32 UTC
|
I can think of a few ways, but they're kind of out there
and
won't work most of the time:
- If the remote box is running SNMP and you know its community string
you can SNMP poll it to get its mac address
- If the entire path from you to the remote host is IPv6 and not IPv4,
the boxes MAC address is part of its IPv6 address by default (this can easily
be overridden).
Why do you need the remote box's MAC address? If you're trying to use
MAC address to uniquely identify users or something like that MAC (or any type of network address)
is not the way to do it. | [reply] [Watch: Dir/Any] |
|
Sometimes I need to locate quickly a computer in the buidling and
the only information I have at first, is the IP address (and
most of the time, it's a DHCP IP address, so there is many
places possible it could be).
With the MAC address, it's easy to locate on which port of
a switch it is plugged. And when i know on which port of
the switch it is plugged, I know where in the building the
computer is. There's many switchs and routers, so I wanted to have a little
perl script which would quickly gather all the informations
on a machine.
I think my problem is more how to use SNMP to get what
I want than a Perl one. Net::SNMP seems the way to do it. I just
need to find how, but that's not a perl issue now :)
| [reply] [Watch: Dir/Any] |
|
snmpwalk <switchname> <communityname> IpNetToMediaEntry
Will list all (I believe) ports, which ip address is on that port,
and which mac address is associated with that ip address.
That could help, I guess.
riffraff
| [reply] [Watch: Dir/Any] [d/l] |
|
|
Sounds to me like you have 2 possible angles to attack this problem:
- use SNMP to query the switches to see which IP is on which port.
Its been a long time since I've written an SNMP poll for a switch, but if I remmember
right I think the info you want is in the Bridge MIB.
- The static IP's should be pretty easy to locate. For the
dynamics you could query the DHCP server(s) to see what MAC a particular
IP is assigned to. This may or may not be doable (and may or
may ont be doable via SNMP), it depends on the capability of your DHCP server.
| [reply] [Watch: Dir/Any] |
Re: How can I find a MAC address from aremote IP ?
by Anonymous Monk on Jan 08, 2003 at 14:03 UTC
|
i only know how to do it in dos...
"nbtstat -a remote_ip"
or
"nbtstat -A remote_host" | [reply] [Watch: Dir/Any] |
|
Nope, that's not DOS, that's Windows. And it simply does not work. It asks the remote host via Microsoft propritary protocols for its MAC address. Already a simple samba server simply responds with a faked MAC of 00-00-00-00-00-00, and if the host does not respond to MS protocols, it returns "host not found":
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
H:\>nbtstat -a enterprise
Local Area Connection:
Node IpAddress: [192.168.1.20] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
ENTERPRISE <00> UNIQUE Registered
ENTERPRISE <03> UNIQUE Registered
ENTERPRISE <20> UNIQUE Registered
ENTERPRISE <00> UNIQUE Registered
ENTERPRISE <03> UNIQUE Registered
ENTERPRISE <20> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
XXXXX <1D> UNIQUE Registered
XXXXX <1B> UNIQUE Registered
XXXXX <1C> GROUP Registered
XXXXX <1E> GROUP Registered
XXXXX <00> GROUP Registered
XXXXX <1D> UNIQUE Registered
XXXXX <1B> UNIQUE Registered
XXXXX <1C> GROUP Registered
XXXXX <1E> GROUP Registered
XXXXX <00> GROUP Registered
MAC Address = 00-00-00-00-00-00
H:\>nbtstat -a galileo7
Local Area Connection:
Node IpAddress: [192.168.1.20] Scope Id: []
Host not found.
H:\>ping galileo7
Pinging galileo7.xxxxx.xxx [192.168.1.1] with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<10ms TTL=64
Reply from 192.168.1.1: bytes=32 time<10ms TTL=64
Reply from 192.168.1.1: bytes=32 time<10ms TTL=64
Reply from 192.168.1.1: bytes=32 time<10ms TTL=64
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
H:\>
Reading the ARP cache can help here, but you must have communicated with a host before its MAC is in the ARP cache:
H:\>arp -a
Interface: 192.168.1.20 on Interface 0x1000003
Internet Address Physical Address Type
192.168.1.1 00-12-17-XX-XX-4e dynamic
192.168.1.10 00-08-54-XX-XX-d8 dynamic
192.168.1.12 00-01-e6-XX-XX-41 dynamic
H:\>
The same trick also works on Linux:
$ /sbin/arp -v
Address HWtype HWaddress Flags Mask
+ Iface
192.168.1.20 ether 00:1e:90:XX:XX:c3 C
+ br0
galileo7.xxxxx.xxx ether 00:12:17:XX:XX:4e C
+ br0
Entries: 2 Skipped: 0 Found: 2
$ /sbin/arp -v -n
Address HWtype HWaddress Flags Mask
+ Iface
192.168.1.20 ether 00:1e:90:XX:XX:c3 C
+ br0
192.168.1.1 ether 00:12:17:XX:XX:4e C
+ br0
Entries: 2 Skipped: 0 Found: 2
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
| [reply] [Watch: Dir/Any] [d/l] [select] |
|
Note that you can not and will never see google or perlmonks in the ARP listings. All internet traffic goes through galileo7 (192.168.1.1). So, on a MAC level, all my machines just have to know that they have to ask galileo7 to deliver packets to the rest of the world.
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
| [reply] [Watch: Dir/Any] |