Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

Re^2: How can I find a MAC address from aremote IP ?

by afoken (Prior)
on May 09, 2009 at 15:28 UTC ( #763051=note: print w/ replies, xml ) Need Help??


in reply to Re: How can I find a MAC address from aremote IP ?
in thread How can I find a MAC address from aremote IP ?

Nope, that's not DOS, that's Windows. And it simply does not work. It asks the remote host via Microsoft propritary protocols for its MAC address. Already a simple samba server simply responds with a faked MAC of 00-00-00-00-00-00, and if the host does not respond to MS protocols, it returns "host not found":

Microsoft Windows 2000 Version 5.00.2195
(C) Copyright 1985-2000 Microsoft Corp.

H:\>nbtstat -a enterprise

Local Area Connection:
Node IpAddress: 192.168.1.20 Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    ENTERPRISE     <00>  UNIQUE      Registered
    ENTERPRISE     <03>  UNIQUE      Registered
    ENTERPRISE     <20>  UNIQUE      Registered
    ENTERPRISE     <00>  UNIQUE      Registered
    ENTERPRISE     <03>  UNIQUE      Registered
    ENTERPRISE     <20>  UNIQUE      Registered
    ..__MSBROWSE__.<01>  GROUP       Registered
    XXXXX          <1D>  UNIQUE      Registered
    XXXXX          <1B>  UNIQUE      Registered
    XXXXX          <1C>  GROUP       Registered
    XXXXX          <1E>  GROUP       Registered
    XXXXX          <00>  GROUP       Registered
    XXXXX          <1D>  UNIQUE      Registered
    XXXXX          <1B>  UNIQUE      Registered
    XXXXX          <1C>  GROUP       Registered
    XXXXX          <1E>  GROUP       Registered
    XXXXX          <00>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00


H:\>nbtstat -a galileo7

Local Area Connection:
Node IpAddress: 192.168.1.20 Scope Id: []

    Host not found.

H:\>ping galileo7

Pinging galileo7.xxxxx.xxx 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time<10ms TTL=64
Reply from 192.168.1.1: bytes=32 time<10ms TTL=64
Reply from 192.168.1.1: bytes=32 time<10ms TTL=64
Reply from 192.168.1.1: bytes=32 time<10ms TTL=64

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms

H:\>

Reading the ARP cache can help here, but you must have communicated with a host before its MAC is in the ARP cache:

H:\>arp -a

Interface: 192.168.1.20 on Interface 0x1000003
  Internet Address      Physical Address      Type
  192.168.1.1           00-12-17-XX-XX-4e     dynamic
  192.168.1.10          00-08-54-XX-XX-d8     dynamic
  192.168.1.12          00-01-e6-XX-XX-41     dynamic

H:\>

The same trick also works on Linux:

$ /sbin/arp -v
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.20             ether   00:1e:90:XX:XX:c3   C                     br0
galileo7.xxxxx.xxx       ether   00:12:17:XX:XX:4e   C                     br0
Entries: 2      Skipped: 0      Found: 2

$ /sbin/arp -v -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.20             ether   00:1e:90:XX:XX:c3   C                     br0
192.168.1.1              ether   00:12:17:XX:XX:4e   C                     br0
Entries: 2      Skipped: 0      Found: 2

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)


Comment on Re^2: How can I find a MAC address from aremote IP ?
Re^3: How can I find a MAC address from aremote IP ?
by afoken (Prior) on May 09, 2009 at 15:38 UTC

    Note that you can not and will never see google or perlmonks in the ARP listings. All internet traffic goes through galileo7 (192.168.1.1). So, on a MAC level, all my machines just have to know that they have to ask galileo7 to deliver packets to the rest of the world.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://763051]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (5)
As of 2015-07-03 18:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (55 votes), past polls