Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: getting an ip via a mac-adress

  1. #1

    getting an ip via a mac-adress

    hello,

    is it possible to get someone's ip if you have his /her mac-adress??
    and if so, how is this possible?

    i've tried google, but didn't find any relevant information

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Do a search for RARP: Reverse Address Resolution Protocol (Mac to IP)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Do a search for RARP: Reverse Address Resolution Protocol (Mac to IP)
    did as you suggested, i've read rfc903 and a lot of other things / tutorials, and i know the general idea behind it.

    but i was thinking,
    suppose i give you ( or anyone ) a mac adress: 00-60-08-FB-A1-0F (just wrote one down)

    how would you get his ip ( that is, if he's on the net)?
    would you use a tool to scan the complete internet bit by bit until you've found him, or are there faster / easier ways???

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Well that may not work too well on the internet and hopefully others more knowledgeable will jump in and bail me out, but.... The IP would probably be his ISP's and not his own if it was Dynamically assigned and Bet you'd hit a stop sign at your ISP once more because you would have to be on the same network as the other fellow to use RARP/ARP.


    If you were able too....here's someting write a while back in response to a similar thread:

    http://www.antionline.com/bookmarks....jump&bmid=1298

    posted 02-18-2004 07:46 PM
    (post #4)

    Well yep, as long as my cisco memory doesn't turn into gray moments it’s been about two years…lol…. And if they’re your routers, because obviously you’ll need passwords. You can do some router hopping and use the “show CDP neighbors” (Cisco Discovery Protocol - for cisco routers, but surely others have a similar command to find out who the neighbors are (other routers, platforms etc.).

    So you telnet into the router directly connected to your network, enter in to the “exec-mode” (might be able to do it in the “user-mode” as well – but it’s show commands are limited), issue the “show CDP neighbors”, grab the mac (data link address = mac address) of the next router, RARP to get the IP, telnet into the next and repeat the process until you get where you want to go. My ole Cisco Instructor would say, “why didn’t you just grap the routing tables and RARP for the next IP, don’t they exchange network info with other routers?” I guess I’d have to say something along the lines of,” well I already started typing this and (humph!)….”.


    Just food for thought.....

    good luck

  5. #5
    Senior Member st1mpy's Avatar
    Join Date
    Jun 2003
    Posts
    111
    02/20/2004 21:15:52 Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer.



    didnt realy undrestand it so any help could use thx
    Un Seen But Well Heard Of

  6. #6
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    It means someone has "answered" an ARP request you didnt ask for. This will frequently add the ARP reply (adding the attackers desired entry) to the ARP table even when the response is unsolicited and can be (ab)used in a number of ways. As long as the requests are being blocked you are safe although you may to want to log the traffic (perhaps the ISP can help if you think this is an attacker) You may want to just sniff the traffic a while and make sure it isnt a freakish byproduct of DHCP.

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  7. #7
    Well that may not work too well on the internet and hopefully others more knowledgeable will jump in and bail me out, but.... The IP would probably be his ISP's and not his own if it was Dynamically assigned and Bet you'd hit a stop sign at your ISP once more because you would have to be on the same network as the other fellow to use RARP/ARP
    i was afraid of that, but i did hear once that if the police ( forensic researchers) got your mac-adress, they can find out the rest of your personal data. so it has to be possible i think..

    but on the other hand, i can't call an ISP to get the data / ip of a specific person with just a mac-adress, and i think the cops are allowed..

    it is a difficult, but interesting subject....
    but at least i'm learning something of it :P

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi, not my subject by any means but:

    i was afraid of that, but i did hear once that if the police ( forensic researchers) got your mac-adress, they can find out the rest of your personal data. so it has to be possible i think..
    Let's look at a probable scenario:

    I am onto a perp but he shares a residential block with a small LAN and a single ISP provider?
    OK I can trace the logs, times, dates etc. but there are several machines that could log in and out of the same ISP.................AFAIK the MAC address is how I can tell which machine was used..........a bit like the old forensics and typewriters?

    I could well be wrong (why break the habit of a lifetime ) but I see the MAC addy at the "back end" of the investigation, not at the front.

    If I have fewer machines to investigate it does wonders for my budget and stops me seriously annoying innocent parties by impounding all the kit on the LAN....................assuming I could get such a vague warrant in the first place?

    I really cannot envisage a scenario where I would get MAC addy info before ISP/IP log data?

    just my thoughts...............anyone care to enlighten me?

    Cheers

  9. #9
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Lepricon

    Nilhil nailed when he said "...I see the MAC addy at the "back end" of the investigation, not at the front."

    Here's a home user's setup that I know of: (obviously working backwards from the internet)

    Internet > Good Guy's ISP > Dial-up modem thru Telephone line (boo to slow!) > Firewall/router > Cat 5 to Switch > Cat 5 to Nic's on Home Lan, 4 PC's with different firewalls, one of the PC's has 3 Nic's

    A Recon Guy on the internet would first encounter the IP provided by the ISP vice one of the several Macs on the home user's lan. (assuming the IP's are dynamically assigned)

  10. #10
    all that i understand, let's refrase my question:
    suppose you have mac-adress, ip adress (dial-in and dynamic) and computername, how can you see if that guy is on the net?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •