-
June 18th, 2006, 08:55 AM
#1
Getting a MAC (physical) address...
...any way to do this remotely on a LAN when setting up a wireless router? I'm setting up an access list on a Netgear WGR614 and want to make it look easy by pulling the MAC's from my laptop. Nmap gives me some MAC's, but not all.
TIA.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
June 18th, 2006, 10:48 AM
#2
Doh. Ettercap picks them up.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
June 18th, 2006, 02:42 PM
#3
Just remember that the layer 2 (mac) address is re-written inside of a packet at every hop. Therefore you must be before the first hop to get the mac address for the actual machine.
-
June 18th, 2006, 02:48 PM
#4
????
The source MAC will always be the MAC of the machine that created the Frame.
-
June 18th, 2006, 02:56 PM
#5
Before the first hop, yes. However, when your packet crosses a routing device (firewall/router..) the mac is rewritten every hop with the mac of the routing device. So, if you were to sniff a packet on the "inside" of a router, you mac will read "3COM" or "INTEL" or whatever the make of your nic card is... however, if you sniff a packet on the "outside" of a router, and your router is a Cisco device, the mac will read "CISCO".
-
June 18th, 2006, 03:29 PM
#6
I think the confusion here lies on how you're doing this. If you simply sniff packets, indeed you will see MAC frames from the last router hop as Kcore has mentioned. This is expected behavior per the RFC.
If you solicit the MAC of the remote host with a tool like NMAP, yes, you will get the MAC address but not because of any layer II function but rather via a call from the actual tool.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
June 18th, 2006, 03:35 PM
#7
-
June 19th, 2006, 02:03 PM
#8
Ah. I must have misread. I was talking about Sniffing.. As opposed to tool discovery.
Thanks
-
June 19th, 2006, 07:20 PM
#9
Junior Member
nmap MAC discovery?
Perhaps I missed something, but how does one use NMAP to get MAC addresses remotely (ie when there is a router/layer 3 device between yourself and the scanned target)? If truly possible, that could be a powerful tool for determining the hardware platform of a remote device.
In the case of the Netgear WGR614, based upon the specs the wireless and wired interfaces are bridged together, not routed. Thats why MACs are visible in this case.
-
June 19th, 2006, 08:08 PM
#10
You know, organ, I never paid a lot of attention to nmap results except to primarily see what is on any given LAN and what services may be running (or running a pen test across the net). Generally those are hardwired LANs as opposed to wireless.
Yes, "nmap -sV -O -P0" and "nmap -sS -P0" will give me MAC addresses of PC's on a LAN (just doublechecked on this one -- hardwired) and it picked up every MAC address save one -- this laptop (which I scanned from the server) which is running XP's built-in firewall. None of the others is running a software firewall.
Scanning w/ nmap on a wireless LAN probably yields different results because anybody running wireless is probably got a software firewall (you'd be an id10t not to).
“Everybody is ignorant, only on different subjects.” — Will Rogers
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|