hello,
is it possible to get someone's ip if you have his /her mac-adress??
and if so, how is this possible?
i've tried google, but didn't find any relevant information :(
Printable View
hello,
is it possible to get someone's ip if you have his /her mac-adress??
and if so, how is this possible?
i've tried google, but didn't find any relevant information :(
Do a search for RARP: Reverse Address Resolution Protocol (Mac to IP)
did as you suggested, i've read rfc903 and a lot of other things / tutorials, and i know the general idea behind it.Quote:
Do a search for RARP: Reverse Address Resolution Protocol (Mac to IP)
but i was thinking,
suppose i give you ( or anyone ) a mac adress: 00-60-08-FB-A1-0F (just wrote one down)
how would you get his ip ( that is, if he's on the net)?
would you use a tool to scan the complete internet bit by bit until you've found him, or are there faster / easier ways???
Well that may not work too well on the internet and hopefully others more knowledgeable will jump in and bail me out, but.... The IP would probably be his ISP's and not his own if it was Dynamically assigned and Bet you'd hit a stop sign at your ISP once more because you would have to be on the same network as the other fellow to use RARP/ARP.
If you were able too....here's someting write a while back in response to a similar thread:
http://www.antionline.com/bookmarks....jump&bmid=1298
posted 02-18-2004 07:46 PM
(post #4)
Well yep, as long as my cisco memory doesn't turn into gray moments it’s been about two years…lol…. And if they’re your routers, because obviously you’ll need passwords. You can do some router hopping and use the “show CDP neighbors” (Cisco Discovery Protocol - for cisco routers, but surely others have a similar command to find out who the neighbors are (other routers, platforms etc.).
So you telnet into the router directly connected to your network, enter in to the “exec-mode” (might be able to do it in the “user-mode” as well – but it’s show commands are limited), issue the “show CDP neighbors”, grab the mac (data link address = mac address) of the next router, RARP to get the IP, telnet into the next and repeat the process until you get where you want to go. My ole Cisco Instructor would say, “why didn’t you just grap the routing tables and RARP for the next IP, don’t they exchange network info with other routers?” I guess I’d have to say something along the lines of,” well I already started typing this and (humph!)….”.
Just food for thought.....
good luck
02/20/2004 21:15:52 Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer.
didnt realy undrestand it so any help could use thx
It means someone has "answered" an ARP request you didnt ask for. This will frequently add the ARP reply (adding the attackers desired entry) to the ARP table even when the response is unsolicited and can be (ab)used in a number of ways. As long as the requests are being blocked you are safe although you may to want to log the traffic (perhaps the ISP can help if you think this is an attacker) You may want to just sniff the traffic a while and make sure it isnt a freakish byproduct of DHCP.
-Maestr0
i was afraid of that, but i did hear once that if the police ( forensic researchers) got your mac-adress, they can find out the rest of your personal data. so it has to be possible i think..Quote:
Well that may not work too well on the internet and hopefully others more knowledgeable will jump in and bail me out, but.... The IP would probably be his ISP's and not his own if it was Dynamically assigned and Bet you'd hit a stop sign at your ISP once more because you would have to be on the same network as the other fellow to use RARP/ARP
but on the other hand, i can't call an ISP to get the data / ip of a specific person with just a mac-adress, and i think the cops are allowed..
it is a difficult, but interesting subject....
but at least i'm learning something of it :P
Hi, not my subject by any means but:
Let's look at a probable scenario:Quote:
i was afraid of that, but i did hear once that if the police ( forensic researchers) got your mac-adress, they can find out the rest of your personal data. so it has to be possible i think..
I am onto a perp but he shares a residential block with a small LAN and a single ISP provider?
OK I can trace the logs, times, dates etc. but there are several machines that could log in and out of the same ISP.................AFAIK the MAC address is how I can tell which machine was used..........a bit like the old forensics and typewriters?
I could well be wrong (why break the habit of a lifetime :D ) but I see the MAC addy at the "back end" of the investigation, not at the front.
If I have fewer machines to investigate it does wonders for my budget and stops me seriously annoying innocent parties by impounding all the kit on the LAN....................assuming I could get such a vague warrant in the first place?
I really cannot envisage a scenario where I would get MAC addy info before ISP/IP log data?
just my thoughts...............anyone care to enlighten me?
Cheers
Lepricon
Nilhil nailed when he said "...I see the MAC addy at the "back end" of the investigation, not at the front."
Here's a home user's setup that I know of: (obviously working backwards from the internet)
Internet > Good Guy's ISP > Dial-up modem thru Telephone line (boo to slow!) :( > Firewall/router > Cat 5 to Switch > Cat 5 to Nic's on Home Lan, 4 PC's with different firewalls, one of the PC's has 3 Nic's ;)
A Recon Guy on the internet would first encounter the IP provided by the ISP vice one of the several Macs on the home user's lan. (assuming the IP's are dynamically assigned)
all that i understand, let's refrase my question:
suppose you have mac-adress, ip adress (dial-in and dynamic) and computername, how can you see if that guy is on the net?
You only have to have his IP adress to find out if he's online.
A succesfull ping means he's online. Though he might (probably?) drop ICMP packets at his firewall.
If you only have the MAC and you did not know the IP nor where to look(SomeISP) you would not find them. MACs are not routable. If you know the IP then like el-half says you can ping them and see if they are on line.
IRC or other apps they use may show you the MAC or PC names if both of you our logged onto them.