Re: IP to MAC mapping

["_rAt_" <mailinglists () mail wittenburg10c nl>]

try arpwatch, this does exactly what you are looking for...
it stores all detected MAC/IP number combinations in a database and
reports new entries, changes,  etc using email. And it is open source
and have it running on linux and FreeBSD. I have good expiriences with
arpwatch..

This does not protect you from people who reprogram their ehternet
card and set it's MAC-address to know one and use it's corresponding
IP address.

See also: http://online.securityfocus.com/tools/142

You could also check on the www-proxy server for "unsupported"
versions and brands of browsers. Just to give you some idears.

Cheers,
Renee
- - - - - - - -
Renee A. Teunissen
PTS Software bv, Meerweg 7, 1405BA Bussum, NL.
T.+31-(0)35-6926969, M.+31-(0)6-22778313,
http://www.pts.nl, <first_name>@pts.nl
personal link page: http://wittenburg10c.nl/db/dest/links.html

----- Original Message -----
From: "Ian Lyte" <ilyte () alias666 freeserve co uk>
To: "Johan Denoyer" <jdenoy () digital-connexion info>;
<security-basics () securityfocus com>
Sent: Friday, November 22, 2002 10:59 AM
Subject: RE: IP to MAC mapping


> Hi,
>
> If you use ettercap with the -O option it passively scans the
network for
> all ip addresses and MAC addresses that are using it.
>
> <from ettercap.pdf>
> ?O, ??passive
> Collect infos in passive mode. This method WILL NOT SEND ANY packet
on the
> wire. It will
> put the interface in promiscuous mode and look for packets passing
through
> it. every interesting
> packet (SYN or SYN+ACK) is analyzed and used to make a complete map
of the
> LAN.
> The infos collected are: IP and MAC of the hosts, type of Operating
System
> (passive OS fingerprint),
> network adapter vendor and running services. (for a technical
description
> refer to
> README) In the list are show even other infos: "GW" if the host is a
> GateWay, "NL" if the IP is
> not belonging to the LAN and "RT" if the host act as a router.
> Useful if you want to make a start up host list in complete passive
mode,
> when you are satisfied of
> the collected infos, you can convert it to the startup host list by
simply
> press 'C', and then work as
> usual.
>
> Ian
>
> -----Original Message-----
> From: Johan Denoyer [mailto:jdenoy () digital-connexion info]
> Sent: 20 November 2002 17:50
> To: security-basics () securityfocus com
> Subject: IP to MAC mapping
>
>
> Hi,
>
> we are currently looking into illegal usage of a protected network.
We are
> managing a class C network, and we would like to be able to detect
illegal
> usage of the network by finding the MAC address of the ip address
used and
> then checking it against a database.
>
> Now I would like to find a software or a perl scrip that would do
the work.
> (The budget that we have is 0$, so freeware is likely to be the
solution)
> I have tried doing searches using google without any luck. If anyone
uses
> such software, please tell me which one, and where I can find it.
>
> Thanks,
>
>
> Salutations,
>
> Johan Denoyer
> jdenoy () digital-connexion info
> Digital Connexion
> http://www.digital-connexion.info
> PGP : 0x57A6727B