RE: IP to MAC mapping

["Ian Lyte" <ilyte () alias666 freeserve co uk>]

Hi,

If you use ettercap with the -O option it passively scans the network for
all ip addresses and MAC addresses that are using it.

<from ettercap.pdf>
?O, ??passive
Collect infos in passive mode. This method WILL NOT SEND ANY packet on the
wire. It will
put the interface in promiscuous mode and look for packets passing through
it. every interesting
packet (SYN or SYN+ACK) is analyzed and used to make a complete map of the
LAN.
The infos collected are: IP and MAC of the hosts, type of Operating System
(passive OS fingerprint),
network adapter vendor and running services. (for a technical description
refer to
README) In the list are show even other infos: "GW" if the host is a
GateWay, "NL" if the IP is
not belonging to the LAN and "RT" if the host act as a router.
Useful if you want to make a start up host list in complete passive mode,
when you are satisfied of
the collected infos, you can convert it to the startup host list by simply
press ’C’, and then work as
usual.

Ian

-----Original Message-----
From: Johan Denoyer [mailto:jdenoy () digital-connexion info]
Sent: 20 November 2002 17:50
To: security-basics () securityfocus com
Subject: IP to MAC mapping


Hi,

we are currently looking into illegal usage of a protected network. We are
managing a class C network, and we would like to be able to detect illegal
usage of the network by finding the MAC address of the ip address used and
then checking it against a database.

Now I would like to find a software or a perl scrip that would do the work.
(The budget that we have is 0$, so freeware is likely to be the solution)

I have tried doing searches using google without any luck. If anyone uses
such software, please tell me which one, and where I can find it.

Thanks,


Salutations,

Johan Denoyer
jdenoy () digital-connexion info
Digital Connexion
http://www.digital-connexion.info
PGP : 0x57A6727B