Thread: Remote MAC address retrieval (Sans SNMP)

  1. #1
    Junior Member
    Join Date
    Feb 2004
    Posts
    4

    Question Remote MAC address retrieval (Sans SNMP)

    Does anyone know a good way to remotely retrieve end stations' MAC addresses? They are not running SNMP, so tools like Solar Winds are out... Any ideas?

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Are they in the same subnet as you? ping <broadcast address> -t (for Windows) or ping <broadcast address> -b (for Linux) will get back multiple responses (let it run for a few seconds). Then do an arp -a to see the results.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Junior Member
    Join Date
    Feb 2004
    Posts
    4
    Excellent idea, MsMittens, however they are in a different subnet, through several routers.
    I suppose I could do something similar for the router on the far end, but I would prefer to be able to do it on a Win32 box and have the output in a text file...

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Roncarney,

    Well yep, as long as my Cisco memory doesn't turn into gray moments, it’s been about two years…lol…. And if they’re your routers, because obviously you’ll need passwords. You can do some router hopping and use the “show CDP neighbors” (Cisco Discovery Protocol - for Cisco routers, but surely others have a similar command to find out who the neighbors are (other routers, platforms etc.)).

    So you telnet into the router directly connected to your network, enter into the “exec-mode” (might be able to do it in the “user-mode” as well – but its show commands are limited), issue the “show CDP neighbors”, grab the MAC (data link address = MAC address) of the next router, RARP to get the IP, telnet into the next and repeat the process until you get where you want to go. My ole Cisco Instructor would say, “why didn’t you just grab the routing tables and RARP for the next IP, don’t they exchange network info with other routers?” I guess I’d have to say something along the lines of, “well I already started typing this and (humph!)….”.


    Please make any corrections/comments because it's been a long time.

    cheers

  5. #5
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Couldn't you ping them, capture packets and then look at the source MAC address in the packets that come in (echo reply packets)?

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    638
    Originally posted here by cgkanchi
    Couldn't you ping them, capture packets and then look at the source MAC address in the packets that come in (echo reply packets)?
    No, this won't work. The MAC address of all the PING replies will be the MAC of the local gateway for his subnet. The only way to find out MAC addresses on another network is if you have access to a switch/router on that network.
    OpenBSD - The proactively secure operating system.

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    If the destination machine (the machine you need to know the MAC) is a Windows machine you can do nbtstat -a <ipaddress>. This will give you all NetBIOS names registered on that machine but also its MAC address.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
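
Added example, not part of any post in this thread: one way to get the text-file output asked for in post #3 from the `nbtstat -a` command in post #7. The function names, the file layout and the sample output are assumptions made for illustration; hosts that answer with an all-zero address (Samba servers commonly do) are recorded as unknown.

```python
import re
import subprocess

MAC_RE = re.compile(r"MAC Address\s*=\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")
NAME_RE = re.compile(r"^[ \t]*(\S.{0,14}?)[ \t]*<([0-9A-Fa-f]{2})>[ \t]+(UNIQUE|GROUP)", re.M)

# Constructed sample of `nbtstat -a` output (not captured from a real host).
SAMPLE = """
Local Area Connection:
Node IpAddress: [192.168.1.10] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    WKSTN01        <00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    WKSTN01        <20>  UNIQUE      Registered

    MAC Address = 00-0C-29-AB-CD-EF
"""

def parse_nbtstat(text):
    """Return (mac, names) from nbtstat -a output; mac is None when unusable."""
    names = [(n.strip(), sfx.upper(), kind) for n, sfx, kind in NAME_RE.findall(text)]
    m = MAC_RE.search(text)
    mac = m.group(1).upper().replace("-", ":") if m else None
    if mac == "00:00:00:00:00:00":  # all-zero reply carries no hardware address
        mac = None
    return mac, names

def query(ip):
    """Run the command from post #7 (Windows only) and return its output."""
    return subprocess.run(["nbtstat", "-a", ip], capture_output=True,
                          text=True, timeout=30).stdout

def inventory(ips, path, run=query):
    """Write one 'ip<TAB>mac<TAB>hostname' line per address; return the rows."""
    rows = []
    for ip in ips:
        mac, names = parse_nbtstat(run(ip))
        host = next((n for n, sfx, kind in names
                     if sfx == "00" and kind == "UNIQUE"), "")
        rows.append((ip, mac or "unknown", host))
    with open(path, "w") as fh:
        fh.writelines("\t".join(r) + "\n" for r in rows)
    return rows

if __name__ == "__main__":
    print(parse_nbtstat(SAMPLE))
```

On a Windows machine, `inventory(["<ipaddress>"], "macs.txt")` runs the real command; passing a different `run` callable lets the parser be checked against saved output.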

  8. #8
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    If he has physical access to the destination machine and it's a windows unit then he pretty much has it made as was explained. I was under the impression he wanted to do it remotely, minus any type of timbuktu, other remotes etc, thus the router hops.

    Was I in the ballpark with my previous post about snagging the router tables and doing RARPs?
