Home page logo

basics logo Security Basics mailing list archives

Re: IP to MAC mapping
From: "_rAt_" <mailinglists () mail wittenburg10c nl>
Date: Tue, 26 Nov 2002 09:54:37 +0100

try arpwatch, this does exactly what you are looking for...
it stores all detected MAC/IP number combinations in a database and
reports new entries, changes,  etc using email. And it is open source
and have it running on linux and FreeBSD. I have good expiriences with

This does not protect you from people who reprogram their ehternet
card and set it's MAC-address to know one and use it's corresponding
IP address.

See also: http://online.securityfocus.com/tools/142

You could also check on the www-proxy server for "unsupported"
versions and brands of browsers. Just to give you some idears.

- - - - - - - -
Renee A. Teunissen
PTS Software bv, Meerweg 7, 1405BA Bussum, NL.
T.+31-(0)35-6926969, M.+31-(0)6-22778313,
http://www.pts.nl, <first_name>@pts.nl
personal link page: http://wittenburg10c.nl/db/dest/links.html

----- Original Message -----
From: "Ian Lyte" <ilyte () alias666 freeserve co uk>
To: "Johan Denoyer" <jdenoy () digital-connexion info>;
<security-basics () securityfocus com>
Sent: Friday, November 22, 2002 10:59 AM
Subject: RE: IP to MAC mapping


If you use ettercap with the -O option it passively scans the
network for
all ip addresses and MAC addresses that are using it.

<from ettercap.pdf>
?O, ??passive
Collect infos in passive mode. This method WILL NOT SEND ANY packet
on the
wire. It will
put the interface in promiscuous mode and look for packets passing
it. every interesting
packet (SYN or SYN+ACK) is analyzed and used to make a complete map
of the
The infos collected are: IP and MAC of the hosts, type of Operating
(passive OS fingerprint),
network adapter vendor and running services. (for a technical
refer to
README) In the list are show even other infos: "GW" if the host is a
GateWay, "NL" if the IP is
not belonging to the LAN and "RT" if the host act as a router.
Useful if you want to make a start up host list in complete passive
when you are satisfied of
the collected infos, you can convert it to the startup host list by
press 'C', and then work as


-----Original Message-----
From: Johan Denoyer [mailto:jdenoy () digital-connexion info]
Sent: 20 November 2002 17:50
To: security-basics () securityfocus com
Subject: IP to MAC mapping


we are currently looking into illegal usage of a protected network.
We are
managing a class C network, and we would like to be able to detect
usage of the network by finding the MAC address of the ip address
used and
then checking it against a database.

Now I would like to find a software or a perl scrip that would do
the work.
(The budget that we have is 0$, so freeware is likely to be the

I have tried doing searches using google without any luck. If anyone
such software, please tell me which one, and where I can find it.



Johan Denoyer
jdenoy () digital-connexion info
Digital Connexion
PGP : 0x57A6727B

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]