Security Basics mailing list archives

Re: IP to MAC mapping

From: "Shanon" <liquid_nitrogen79 () hotmail com>
Date: Thu, 28 Nov 2002 11:10:37 +0530

If you have linux box you can also try this simple perl script

#!/usr/bin/perl

$pid=fork();

if($pid>0){die "Forked";}

else

{

while (1)

{

open(FileHND,"/proc/net/arp");

open(LogHND,">>$ARGV[0]") if $ARGV[0];

open(LogHND,">>&STDOUT") if !$ARGV[0];


while(<FileHND>)

{

@array = split(/\s+/);

if($array[0] =~ /^\d/){


if($list{$array[0]} && ($list{$array[0]} ne $array[3]))

{

print LogHND ("ARP Address $array[0] changed from $list{$array[0]} to
$array[3]\n") ;

}

elsif($list{$array[0]} ne $array[3])

{

print LogHND "Adding $array[0]\n" if $ARGV[1] ne silent;

$list{$array[0]} = $array[3];

}}

}

close(FileHND);

sleep 3;

}

}

----- Original Message -----
From: "Burton M. Strauss III" <bstrauss3 () attbi com>
To: <security-basics () securityfocus com>
Cc: "Johan Denoyer" <jdenoy () digital-connexion info>
Sent: Friday, November 22, 2002 6:19 PM
Subject: RE: IP to MAC mapping

Understand that most OSes (perhaps not windows, but I wouldn't put it past
having a registry key somewhere) allow you to set the MAC address to
anything you want it to be...  So all you would find would be casual
crashers...

Set up a small Linux or *nix box and use arpwatch - it's a daemon that
monitors the network and can email you with changes.

-----Burton

-----Original Message-----
From: Johan Denoyer [mailto:jdenoy () digital-connexion info]
Sent: Wednesday, November 20, 2002 11:50 AM
To: security-basics () securityfocus com
Subject: IP to MAC mapping


Hi,

we are currently looking into illegal usage of a protected network. We are
managing a class C network, and we would like to be able to detect illegal
usage of the network by finding the MAC address of the ip address used and
then checking it against a database.

Now I would like to find a software or a perl scrip that would do the

work.

(The budget that we have is 0$, so freeware is likely to be the solution)

I have tried doing searches using google without any luck. If anyone uses
such software, please tell me which one, and where I can find it.

Thanks,


Salutations,

Johan Denoyer
jdenoy () digital-connexion info
Digital Connexion
http://www.digital-connexion.info
PGP : 0x57A6727B

Attachment: arp.pl
Description:

Current thread:

IP to MAC mapping Johan Denoyer (Nov 22)
- RE: IP to MAC mapping Ian Lyte (Nov 25)
  - RE: IP to MAC mapping Vytautas Kaziukonis (Nov 26)
  - Re: IP to MAC mapping _rAt_ (Nov 26)
- Re: IP to MAC mapping Richard Westlake (Nov 25)
- RE: IP to MAC mapping Burton M. Strauss III (Nov 25)
  - Re: IP to MAC mapping Shanon (Nov 28)
- RE: IP to MAC mapping Seth Connolly (Nov 25)
- Re: IP to MAC mapping Jon (Nov 25)
- Re: IP to MAC mapping Devdas Bhagat (Nov 25)
  - Re: IP to MAC mapping Robert Hogan (Nov 26)
  - Message not available
    - Re: IP to MAC mapping Devdas Bhagat (Nov 26)
    - Enforcing IE not cache usr/passwords and parsing the current cache Mark (fat) (Nov 28)
- RE: IP to MAC mapping Steinar Skjelanger (Nov 27)
- <Possible follow-ups>
- RE: IP to MAC mapping Wolf, Glenn (Nov 25)