Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4582
Views
0
Helpful
3
Replies

Resolving an IP address from a MAC address

steveseaman
Level 1
Level 1

‎09-07-2004 01:49 AM - edited ‎03-02-2019 06:16 PM

I have suffered many dubious web pages on how to do this but here goes.

I need to resolve an IP address from a mac address given. I have a suspect rougue wireless device indicated to me by netstumber but it only gives the MAC address of the peer.

If i could resolve this to an IP address then i could resolve the machine name and find the culprit.

I may just be chasing shoadows here but for the sake of my peace of mind and sanity I would like to check the rouge device down.

Any help would be appreciated

Labels:
0 Helpful
3 Replies 3

Kevin Dorrell
Level 10
Level 10

‎09-07-2004 02:11 AM

One effective way is to go to your router, and "show arp | include ". Unfortunately this only works if the rogue device is actually addressing the router. Make sure you get the format of the MAC address right, consistent with the normal output of "show arp". That assumes that he has an IP address of course. If he got his IP address from a DHCP server, the DHCP server will tell you.

Another way is to trace the MAC address through your switches. Start at the core switch, and do a "show cam " (for CatOS, or equivalent for IOS), and follow the port. Re-iterate, until you come to the access port. Trace the patch in the wiring closet, then go and clobber the user attached to that socket.

Kevin Dorrell

Luxembourg.

0 Helpful

scottosan
Level 1
Level 1

‎09-07-2004 04:14 AM

I feel your pain. With netstumbler, you will be seeing the the radio side mac address, not the ethernet side mac address. THis makes it hard because the sh arp will only give the ether side mac. The only thing I can tell you is to walk around until the signal is strongest. Below is a list of vendor mac prefixes that may help you narrow down what brand ap you are looking for.

3Com 0001.03|0004.76|0050.da|0800.02

Addtron 0040.33|0090.d1

Advanced Multimedia Internet 0050.18

Apple 0030.65

Atmel 0004.25

Bay Networks 0020.d8

BreezeNet 0010.e7

Cabletron (Enterasys) 0001.f4|00e0.63

Camtec 0000.ff

Cisco Aironet 0040.96

Compaq 0050.8b

D-Link 0005.5d|0040.05|0090.4b

Delta Networks 0030.ab

Intel 0002.b3

Linksys 0003.2f|0004.5a

Lucent 0002.2d|0060.1d|0202.2d

Nokia 00e0.03

Samsung 0000.f0|0002.78

Senao Intl 0002.6f

SMC 00e0.29|0090.d1

SOHOware 0080.c6

Sony 0800.46

Symbol 00a0.f8|00a0.0f

Z-Com 0060.b3

Zoom 0040.36

0 Helpful

dbellazetin
Level 4
Level 4

‎09-07-2004 08:09 AM

Can you connect to the AP and pass traffic? If yes I would sync up and do some data transfers. Then go to your switches and check the address tables (CatOS show cam dyn, or IOS show mac-address-table) and find your MAC. Whatever port its reporting on should be the ethernet side of the AP and you could go from there.

You could also run sniffer software and watch for a frame with that MAC and see if it contains the IP info.

Daniel

0 Helpful
Customers Also Viewed These Support Documents