mailing list archives
Re: IP to MAC mapping
From: "_rAt_" <mailinglists () mail wittenburg10c nl>
Date: Tue, 26 Nov 2002 09:54:37 +0100
try arpwatch, this does exactly what you are looking for...
it stores all detected MAC/IP number combinations in a database and
reports new entries, changes, etc using email. And it is open source
and have it running on linux and FreeBSD. I have good expiriences with
This does not protect you from people who reprogram their ehternet
card and set it's MAC-address to know one and use it's corresponding
See also: http://online.securityfocus.com/tools/142
You could also check on the www-proxy server for "unsupported"
versions and brands of browsers. Just to give you some idears.
- - - - - - - -
Renee A. Teunissen
PTS Software bv, Meerweg 7, 1405BA Bussum, NL.
personal link page: http://wittenburg10c.nl/db/dest/links.html
----- Original Message -----
From: "Ian Lyte" <ilyte () alias666 freeserve co uk>
To: "Johan Denoyer" <jdenoy () digital-connexion info>;
<security-basics () securityfocus com>
Sent: Friday, November 22, 2002 10:59 AM
Subject: RE: IP to MAC mapping
If you use ettercap with the -O option it passively scans the
all ip addresses and MAC addresses that are using it.
Collect infos in passive mode. This method WILL NOT SEND ANY packet
wire. It will
put the interface in promiscuous mode and look for packets passing
it. every interesting
packet (SYN or SYN+ACK) is analyzed and used to make a complete map
The infos collected are: IP and MAC of the hosts, type of Operating
(passive OS fingerprint),
network adapter vendor and running services. (for a technical
README) In the list are show even other infos: "GW" if the host is a
GateWay, "NL" if the IP is
not belonging to the LAN and "RT" if the host act as a router.
Useful if you want to make a start up host list in complete passive
when you are satisfied of
the collected infos, you can convert it to the startup host list by
press 'C', and then work as
From: Johan Denoyer [mailto:jdenoy () digital-connexion info]
Sent: 20 November 2002 17:50
To: security-basics () securityfocus com
Subject: IP to MAC mapping
we are currently looking into illegal usage of a protected network.
managing a class C network, and we would like to be able to detect
usage of the network by finding the MAC address of the ip address
then checking it against a database.
Now I would like to find a software or a perl scrip that would do
(The budget that we have is 0$, so freeware is likely to be the
I have tried doing searches using google without any luck. If anyone
such software, please tell me which one, and where I can find it.
jdenoy () digital-connexion info
PGP : 0x57A6727B