Penetration Testing mailing list archives
Re: [PEN-TEST] MAC -> IP ?
From: Andrew Griffiths <andrewg () TASMAIL COM>
Date: Tue, 20 Mar 2001 09:13:35 +1100
G'day. Under linux/bsd's you can start the interface without arp working on there. hmm I think something like: "ifconfig iface noarp". There is a program called arpwatch (that monitors difference between IP and MAC addrs.) - but if you're running a windows network, I have no idea if there is a tool similar to it. You can get tcpdump and others to monitor for a certain MAC address as well. You can do rarp (reverse arp) to get the ip, but I can't think of something that would do that. Download some arp tools and find one. Hunt might work. It's possible that machine is just misconfigured - e.g wrong ip address and thats why attempting to ping every ip doesn't work. It'd be putting out a MAC address if (for example) windows is trying to find a domain to work on. my $0.02 worth. -ag On Saturday, March 17, 2001 at 11:57:54 PM, Penetration Testers wrote:
Hi, i am watching our net for changes in IP and MAC (which we don't allow). On out Switch i can find a MAC, with no known IP. I already tried to ping the whole IP range and looked in the arp table of my computer, but can't find the MAC there. If i flush the switch arp table, the MAC comes back after some seconds, so the 'evil' computer seems to be active. 1. is there a better way to get the IP if i have the MAC ? 2. how is it possible to hide your arp requests/response ? thanks, Jens
-- www.tasmail.com
Current thread:
- [PEN-TEST] MAC -> IP ? Kerle, Jens (Mar 18)
- Re: [PEN-TEST] MAC -> IP ? H D Moore (Mar 18)
- Re: [PEN-TEST] MAC -> IP ? Nelson Brito (Mar 19)
- <Possible follow-ups>
- Re: [PEN-TEST] MAC -> IP ? Abe Getchell (Mar 18)
- Re: [PEN-TEST] MAC -> IP ? Andrew Lawton (Mar 19)
- Re: [PEN-TEST] MAC -> IP ? Dom De Vitto (Mar 19)
- Re: [PEN-TEST] MAC -> IP ? Torbjorn karlsson (Mar 19)
- Re: [PEN-TEST] MAC -> IP ? Chris Arnold (Mar 19)
- Re: [PEN-TEST] MAC -> IP ? Andrew Griffiths (Mar 19)