-
February 18th, 2004, 10:33 PM
#1
Junior Member
Remote MAC address retrieval (Sans SNMP)
Does anyone know a good way to remotely retrieve end stations' MAC addresses? THey are not running SNMP, so tools like Solar Winds are out...Any Ideas?
-
February 18th, 2004, 10:35 PM
#2
Are they in the same subnet as you? ping <broadcast address> -t (for windows) or ping <broadcast address> -b (for linux) will get back multiple responses (let it run for a few seconds). Then do a arp -a to see the results.
-
February 18th, 2004, 11:12 PM
#3
Junior Member
Excellent idea, MsMittens, however they are in a different subnet, through several routers.
I suppose I could do something similar for the router on the far end, but I would prefer to be able to do it on a Win32 box and have the output in a text file...
-
February 19th, 2004, 01:46 AM
#4
Roncarney,
Well yep, as long as my cisco memory doesn't turn into gray moments it’s been about two years…lol…. And if they’re your routers, because obviously you’ll need passwords. You can do some router hopping and use the “show CDP neighbors” (Cisco Discovery Protocol - for cisco routers, but surely others have a similar command to find out who the neighbors are (other routers, platforms etc.).
So you telnet into the router directly connected to your network, enter in to the “exec-mode” (might be able to do it in the “user-mode” as well – but it’s show commands are limited), issue the “show CDP neighbors”, grab the mac (data link address = mac address) of the next router, RARP to get the IP, telnet into the next and repeat the process until you get where you want to go. My ole Cisco Instructor would say, “why didn’t you just grap the routing tables and RARP for the next IP, don’t they exchange network info with other routers?” I guess I’d have to say something along the lines of,” well I already started typing this and (humph!)….”.
Please make any corrections/comments because it's been a long time.
cheers
-
February 19th, 2004, 04:48 AM
#5
Couldn't you ping them, capture packets and then look at the source MAC address in the packets that come in (echo reply packets)?
Cheers,
cgkanchi
-
February 19th, 2004, 08:48 AM
#6
Originally posted here by cgkanchi
Couldn't you ping them, capture packets and then look at the source MAC address in the packets that come in (echo reply packets)?
No this won't work. The MAC address of all the PING replies will be the MAC of the local gateway for his subnet. The only way to find out MAC addresses on another network is if your have access to a switch/router on that network.
OpenBSD - The proactively secure operating system.
-
February 19th, 2004, 11:15 AM
#7
If the destination machine (the machine you need to know the MAC) is a windows machine you can do nbtstat -a <ipaddress>. This will give you all netbios names registered on that machine but also it's MAC address.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
February 19th, 2004, 11:35 PM
#8
If he has physical access to the destination machine and it's a windows unit then he pretty much has it made as was explained. I was under the impression he wanted to do it remotely, minus any type of timbuktu, other remotes etc, thus the router hops.
Was I in the ballpark with my previous post about snagging the router tables and doing RARP's?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|