July 20, 2008 02:09am pdt

1. KCTS 1,235,397
2. RobWill 1,148,632
3. Sembee 1,023,191
4. kieran_b 752,582
5. TechSoEasy 713,970
6. batry_boy 712,695
7. tigermatt 694,094
8. LeeTutor 672,659
9. and235100 622,245
10. omarfarid 588,892
11. Chris-Dent 560,376
12. ravenpl 558,830
13. lrmoore 523,726
14. rindi 515,643
15. mass2612 462,641

1. Sembee 18,341,679
2. lrmoore 9,223,320
3. TechSoEasy 5,985,705
4. RobWill 4,878,806
5. Sheharya... 4,623,521
6. LeeTutor 4,181,104
7. leew 4,026,821
8. jlevie 3,150,709
9. sirbounty 3,034,902
10. oBdA 3,029,069
11. PeteLong 2,990,118
12. stevenlewis 2,957,465
13. rindi 2,749,458
14. CrazyOne 2,731,649
15. Fatal_Ex... 2,711,971

03.20.2002 at 05:43AM PST, ID: 20279274

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

7.4

Find a IP with the MAC address (reverse Lookup)

Zones: Miscellaneous Networking, Dynamic Host Configuration Protocol (DHCP, Domain Name Service (DNS)

Tags: address, mac, ip, find

Hi,

I've a MAC address... How I can find the IP Address of that machine.

Thank in advance.
Phil !

Start your free trial to view this solution

Question Stats

Zone: Networking

Question Asked By: samphi

Solution Provided By: scraig84

Participating Experts: 14

Solution Grade: A

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
Automotive
New Net Users
New Users

Software
Digital Music
Gaming World
Home Security

Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Displays / Monitors
Handhelds / PDAs
Components
Peripherals
Laptops/Notebooks

Servers
Misc
Apple
Embedded Hardware
Networking Hardware

Storage
Desktops
New Users

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMware
Misc
Web Development

OS
CYGWIN
Voice Recognition
Virtualization
Message Queue
Quality Assurance
Security
Firewalls

MultiMedia Applications
Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals
Devices

Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
Web Computing
WebApplications
IDS
Vulnerabilities
Email Clients
File Sharing

Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Consulting
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMware

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel
Automation

Algorithms
Game
Signal Processing
Project Management
Open Source
Database

Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Web Services

Images
Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration

WebApplications
Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Web Computing

Broadband
Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Lounge
Business Travel
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles
Automotive

Community Support

Suggestions
New to EE
New Topics
CleanUp

Announcements
General
Feedback

Input
EE Bugs

03.20.2002 at 05:52AM PST, ID: 6882508

Rank: Master

scraig84:

Typically you would need to find it on one of your machine's arp tables. If there is a router in your network, this is usually the most central place to gather that type of info. On a cisco router, the command is "show arp" - it will give you a listing of the MAC addresses and their corresponding IP address. On a windows box, from a DOS prompt you can type "arp -a" to see similar output.

Happy hunting - and good luck!

Accepted Solution

03.20.2002 at 08:10AM PST, ID: 6882846

Rank: Master

geoffryn:

You also might look at your DHCP server. It should list the MAC addresses of all machines that have leased IP addresses on the network.

03.20.2002 at 02:30PM PST, ID: 6884039

Rank: Master

andyalder:

Maybe it's only running IPX so doesn't have an IP address?

03.20.2002 at 02:35PM PST, ID: 6884054

Rank: Master

scraig84:

Interesting thought - but I think you might want to refer back to the question...

03.20.2002 at 03:01PM PST, ID: 6884121

Rank: Master

andyalder:

I have read the question.

I was simply pointing out that the question "I've a MAC address... How I can find the IP Address of that machine." is invalid since it might be running properly with no IP addresses (or maybe 20 of them) bound to the same card/mac address. Am I wrong to do that?

You are right in your first comment that it is pot-luck that you see the arp entry on a machine or see it when sniffing the cable so you should get the points. There's no guaranteed interrogation method short of a DoS attack against it and see which user complains. At least you can find the make of the card normally though.

03.20.2002 at 03:16PM PST, ID: 6884146

UkWizard:

If you know the subnet it is sitting on, ping the broadcast address from a windows machine. Then inspect the arp table afterwards.

Example;
If your subnet was 192.168.1.0 with a subnet of 255.255.255.0

Then would run;

ping 192.168.1.255

That might do it for you, good luck

03.21.2002 at 05:24AM PST, ID: 6885352

samphi:

Hi All,

I'm happy to see that you're interested in my question!
;o)

I'm checked my routers and switches, and I have a abnormal plug. (too much transfer) and I have only his MAC addresse...

There's not a DHCP... There's a static IP...
Yes "ARP -a" is a good utility, but I was not found that IP... Actually, I'm thinking that's a printer...

I will wait still before distributing the points...

My "hunting" continue...
Excuse my english.
Phil !

ps: If that continues, I'll unplug this cable and I'll receive a call ;o)

03.21.2002 at 11:50AM PST, ID: 6886651

johntegg:

Go to www.download.com and in the search bar put
"mac address" (without the quotes). It will turn up some tools like Whaddayagot 2.0 and APK GetMacAddress 1.0 that will help you to find the info you're looking for. There are other network monitoring tools that will show that information also.

03.21.2002 at 12:02PM PST, ID: 6886693

Rank: Master

andyalder:

If you think it's a printer then the first step is to find the manufacturer from something lookup chart like http://www.coe.uky.edu/~stu/nic/nic.cfm or http://www.synapse-networks.com/ban/HTML/P_LAYER2/Eng/P_lay280.html

Assisted Solution

03.21.2002 at 03:42PM PST, ID: 6887277

kakarika:

when you have an MAC address and want to find out who's MAC is that, you use reverse ARP (RARP)... it functions just like a ARP but instead of asking 'i got an ip x.y.z.n what is the MAC?', it asks 'i got an MAC what is the IP?' if the destination has one it would send...

03.23.2002 at 09:33AM PST, ID: 6891051

Rank: Master

andyalder:

<off topic>
Kakarika, I see you are new to EE, welcome. The site is more about collaboration between experts to find the solution to a problem rather than an exam test site, most experts restrict themselves to providing comments that the questioner can later select as the answer if it solves their problem and as such you should only click on answer if you are 300% sure you have the solution. Sometimes you will provide helpful comments for no reward, other times you may be rewarded points where others have helped without reward, it evens itself out.

Comments
Comments are intended to be used as a collaboration tool. Many Experts choose to post their solutions
as comments only.

Answers
An answer is a specific solution to a question and should be submitted if it will solve the questioner's
problem and doesn't duplicate a previous comment.

Comment Vs. Answer
If you are unsure of your solution, post it as a comment. Members can accept comments as solutions and
award you Expert Points for them.

<on topic>
I thought RARP was a forerunner to BOOTP and DHCP, unless he has a RARP server to query your answer means that nowadays I would look it up on a DHCP server which Geoff suggested earlier. Correct me if there is a protocol to query the MAC address for it's possible IP addresses.

03.28.2002 at 01:28PM PST, ID: 6903667

trath:

Sorry no offence but kakarika is wrong. RARP is used to by a diskless device to find its IP address using a BOOTP Server.

05.13.2002 at 08:03PM PDT, ID: 7007560

Computer101:

For reasons stated above and below, proposed answer rejected.

Computer101
E-E Moderator

Comments
Comments are intended to be used as a collaboration tool. Many Experts choose to post their solutions as comments only.

Answers
An answer is a specific solution to a question and should be submitted if it will solve the questioner's problem and doesn't duplicate a previous comment.

Comment Vs. Answer
If you are unsure of your solution, post it as a comment. Members can accept comments as solutions and award you Expert Points for them.

For more tips on comments and answers, click here.

05.14.2002 at 01:12PM PDT, ID: 7009555

Rank: Master

andyalder:

Phil, you still with us? any correlation with that MAC address and a manufacturer or is it a deliberate attack with a cloned MAC address?

Surely to have seen the MAC address on the network is to posess a trace containing it in the header of a packet, so lets examine that trace or the output of the tool that saw it in the first place or did some comment lead you to identifying it and you ran away without acknowledging the hint that helped identify it.

I'd rather see this paq'd with 0 points for all than the knowledge wasted, "I'm happy to see that you're interested in my question!" damn right there, but now we are interested in the solution and you haven't commented for a while.

05.15.2002 at 06:24AM PDT, ID: 7010972

samphi:

Hi andyalder and all,

I've somes seconds...;-)

Ok, My switch indicated 1Gig transfer in one night, And I've only the MAC address. Then I going to hunting to IP.

I received somes tools and tips :
"ARP -a"
http://www.coe.uky.edu/~stu/nic/nic.cfm
http://www.synapse-networks.com/ban/HTML/P_LAYER2/Eng/P_lay280.html

And with this links, I discovered that MAC is not a PC. there's a defect printer. I was gone searching for that printer, floor by floor... I'm always interested to find a good tip or tool for trace the IP via the MAC.

Thank you for your help.
I continue...
I keep you informed...

Phil !

05.17.2002 at 02:18AM PDT, ID: 7015790

Rank: Master

andyalder:

Just remembered, assuming it's a jetdirect you can do
"arp -s <ip address> <mac address>" where <ip address> is a spare IP address on your local subnet and <mac address> is the mac of the printer. Next "telnet <ip address>" and you get the menu of the jetdirect and can read what it's stored IP address is. Then delete the static arp entry and print a "help please phone IT and tell me where this printer is" message to it.

Doesn't work with a PC as the target since they don't respond to the packets unless the MAC and IP are both correct but printers normally respond whatever the IP address is if the MAC is theirs. It was the only way to initially setup jetdirects before jetadmin for unix was written. Method probably works with other printers as well.

Of course you could use wspingpro or similar mapping program to ping every address on the local subnet then look in arp cache but that won't help unless it has an address on that subnet.

08.15.2003 at 02:52AM PDT, ID: 9155779

CleanupPing:

samphi:
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.

10.15.2004 at 06:08AM PDT, ID: 12318761

ndenny:

For what it's worth I had a similar issue (MAC but IP unknown). Followed UKWizard's advice and voila IP matching the MAC.
Thanks

12.08.2004 at 08:10PM PST, ID: 12780091

willyjd1:

If you have a linux machine on your network load up arpwatch. It will watch the network and build a table (arp.dat) that you can refer to.

Will

04.14.2005 at 08:24AM PDT, ID: 13782588

itamt:

C:\>arp -a 00-12-D9-3C-50-22
ARP: bad argument: 00-12-D9-3C-50-22

C:\>

Help!

04.14.2005 at 10:19AM PDT, ID: 13783772

Rank: Master

andyalder:

itamt, this question was closed ages ago, you'll have to ask your own question on the syntax of the ARP command.

I can confirm however that that is not the correct syntax.

05.18.2005 at 01:41PM PDT, ID: 14031078

tomerlei:

just use
arp -a
and it will list all mac adresses known to him.

05.30.2005 at 03:47AM PDT, ID: 14107459

subhanandi:

CC Get Mac Address is a nice tool. One may try that as well..

20080236-EE-VQP-29