Security Basics mailing list archives
Re: IP to MAC mapping
From: "_rAt_" <mailinglists () mail wittenburg10c nl>
Date: Tue, 26 Nov 2002 09:54:37 +0100
try arpwatch, this does exactly what you are looking for... it stores all detected MAC/IP number combinations in a database and reports new entries, changes, etc using email. And it is open source and have it running on linux and FreeBSD. I have good expiriences with arpwatch.. This does not protect you from people who reprogram their ehternet card and set it's MAC-address to know one and use it's corresponding IP address. See also: http://online.securityfocus.com/tools/142 You could also check on the www-proxy server for "unsupported" versions and brands of browsers. Just to give you some idears. Cheers, Renee - - - - - - - - Renee A. Teunissen PTS Software bv, Meerweg 7, 1405BA Bussum, NL. T.+31-(0)35-6926969, M.+31-(0)6-22778313, http://www.pts.nl, <first_name>@pts.nl personal link page: http://wittenburg10c.nl/db/dest/links.html ----- Original Message ----- From: "Ian Lyte" <ilyte () alias666 freeserve co uk> To: "Johan Denoyer" <jdenoy () digital-connexion info>; <security-basics () securityfocus com> Sent: Friday, November 22, 2002 10:59 AM Subject: RE: IP to MAC mapping
Hi, If you use ettercap with the -O option it passively scans the
network for
all ip addresses and MAC addresses that are using it. <from ettercap.pdf> ?O, ??passive Collect infos in passive mode. This method WILL NOT SEND ANY packet
on the
wire. It will put the interface in promiscuous mode and look for packets passing
through
it. every interesting packet (SYN or SYN+ACK) is analyzed and used to make a complete map
of the
LAN. The infos collected are: IP and MAC of the hosts, type of Operating
System
(passive OS fingerprint), network adapter vendor and running services. (for a technical
description
refer to README) In the list are show even other infos: "GW" if the host is a GateWay, "NL" if the IP is not belonging to the LAN and "RT" if the host act as a router. Useful if you want to make a start up host list in complete passive
mode,
when you are satisfied of the collected infos, you can convert it to the startup host list by
simply
press 'C', and then work as usual. Ian -----Original Message----- From: Johan Denoyer [mailto:jdenoy () digital-connexion info] Sent: 20 November 2002 17:50 To: security-basics () securityfocus com Subject: IP to MAC mapping Hi, we are currently looking into illegal usage of a protected network.
We are
managing a class C network, and we would like to be able to detect
illegal
usage of the network by finding the MAC address of the ip address
used and
then checking it against a database. Now I would like to find a software or a perl scrip that would do
the work.
(The budget that we have is 0$, so freeware is likely to be the
solution)
I have tried doing searches using google without any luck. If anyone
uses
such software, please tell me which one, and where I can find it. Thanks, Salutations, Johan Denoyer jdenoy () digital-connexion info Digital Connexion http://www.digital-connexion.info PGP : 0x57A6727B
Current thread:
- IP to MAC mapping Johan Denoyer (Nov 22)
- RE: IP to MAC mapping Ian Lyte (Nov 25)
- RE: IP to MAC mapping Vytautas Kaziukonis (Nov 26)
- Re: IP to MAC mapping _rAt_ (Nov 26)
- Re: IP to MAC mapping Richard Westlake (Nov 25)
- RE: IP to MAC mapping Burton M. Strauss III (Nov 25)
- Re: IP to MAC mapping Shanon (Nov 28)
- RE: IP to MAC mapping Seth Connolly (Nov 25)
- Re: IP to MAC mapping Jon (Nov 25)
- Re: IP to MAC mapping Devdas Bhagat (Nov 25)
- Re: IP to MAC mapping Robert Hogan (Nov 26)
- Message not available
- Re: IP to MAC mapping Devdas Bhagat (Nov 26)
- Enforcing IE not cache usr/passwords and parsing the current cache Mark (fat) (Nov 28)
- RE: IP to MAC mapping Ian Lyte (Nov 25)
- RE: IP to MAC mapping Steinar Skjelanger (Nov 27)