Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7179
Views
0
Helpful
8
Replies

RARP - you know the MAC but not the IP

lmgil
Level 1
Level 1

‎03-31-2005 09:15 AM - edited ‎03-02-2019 10:19 PM

Hi all,

it seems a simply question but I don't know how to solve it.

You know the MAC of a switch. You want to know the IP address for this IP, a kind or RARP application, like the IPSU for an Access Point.

Do you guys know where I can find an application like this ??

Obviously there is no console port, the sniffer does not tell a word, there is no CDP...

I read an tip in the Packet but it does not work, it was like matching the known mac address to an imaginarium IP address and telnet to it, but It does not work.

any help will be wellcome !

Luis Miguel.

1 person had this problem
Labels:
0 Helpful
8 Replies 8

smif101
Level 4
Level 4

‎03-31-2005 12:23 PM

What kind of switch is it that you are trying to get the IP address of. If it doesn't have a console port than the chances are that it doesn't support a IP address and it is just a dumb switch.

0 Helpful

lmgil
Level 1
Level 1
In response to smif101

‎04-01-2005 12:49 AM

It is a 3com with console port, but it does not matter. Imagine just a pc. You know the mac of the device and you want to perform a reverse ARP to know the IP.

0 Helpful

mhussein
Level 4
Level 4
In response to lmgil

‎04-01-2005 01:05 AM

Hi,

Unless I am missing something, this can be done by pinging the subnet broadcast addres (e.g x.x.x.255) from a router or pc on the same segment. Then checking the arp-cache table on the router or "arp -a" on Windows for the mac/ip entry.

HTH

Mustafa

0 Helpful

lmgil
Level 1
Level 1
In response to mhussein

‎04-01-2005 01:09 AM

Thanks Mustafa,

but do I have to try from 1.0.0.255 to 254.255.255.255 ??? do you kno what I mean... I don't have a clue of what subnet can be the ip address configured...

0 Helpful

Tantrix-X
Level 1
Level 1
In response to lmgil

‎04-01-2005 01:59 AM

Hi,

Use a sniffer like Ethereal, then do a search for the MAC address as a Hex value..

0 Helpful

mhussein
Level 4
Level 4
In response to lmgil

‎04-01-2005 03:06 AM

I see what you mean, all I can come with is some crazy ideas:

1. If you have a spare router that can be hooked up to the segment:

ip route 0.0.0.0 0.0.0.0

no logging console

logging buffered 327680 debugging

debug arp

ping 255.255.255.255

show log | inc xxxx.yyyy.zzzz

Or,

2. On a windoze pc, install a fast port scanner, e.g http://www.download.com/Advanced-Port-Scanner/3000-2381_4-10127847.html?tag=lst-0-1

Then:

c:\>route delete 0.0.0.0

c:\>route add 0.0.0.0 mask 0.0.0.0

and start the port scanner (1.0.0.255 to 254.255.255.255) !!! I would start with the obvious private ip addreses first. Then check the arp table:

c:\>arp -a > file.txt

(this may work without the port scanner: ping 255.255.255.255)

0 Helpful

jduffek
Level 1
Level 1

‎03-31-2005 01:29 PM

good question.

if you cant get on the console, then try to put a cisco device on the switch and see if they become cdp neighbors. then you can do a "sh cdp nei det" and get the IP.

sniffer should work too...

jd.

0 Helpful

smif101
Level 4
Level 4
In response to jduffek

‎04-01-2005 06:26 AM

What is the 3com name and model number of the switch??

0 Helpful
Customers Also Viewed These Support Documents