Given MAC address, find the host

Does anyone know of a utility to find a host's IP address, given only the MAC address?  (ARP won't work unless your workstation has talked to the host recently, thus placing the MAC address in the ARP cache.)  To make this easier, assume we're dealing with a single broadcast domain.
LVL 1
mfa073198Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LermitteCommented:
Do you use DHCP? With DHCP you can find the MAc-adress in the DHCP-manager.

Mario
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
brugmanjCommented:
It's a guess but it may help: Send an ICMP PING packet to the mac address of the computer you're trying to find filling in the IP address as the subnet's broadcast address (I understand you're on the same subnet anyway so you got that address). IP Layer should pass it through and the receiver should reply effectivly giving you his IP address.

It would require some code though...

0
mfa073198Author Commented:
Lermitte: yes, we use DHCP... mostly.  In any event, I want a generalized solution that will work in the case of a static address.  In the problem at hand, I'm almost certain it's a static address assigned by a user who's got no business assigning his own address.

brugmanj: That would work.  Let me know when you've got the code written :~).
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

mfa073198Author Commented:
Now that I think of it, that's no so hard.  Isn't there some open-source PING code around somewhere?
0
jgarrCommented:
Ping the host. This will put the mac address in the arp cache. Then arp -a to find the mac address.
0
andyalderCommented:
you can use wsping-pro from www.ipswitch.com to ping each address on the subnet, then ARP will give you the address.

Also Microsoft Mail Gateway to X.400
comes with a ping.exe that can ping a MAC address but this would cost rather a lot.

Brugmanj, I'll give you some points aswell if you write a pingtool that echo-requests to the MACaddress.
0
mfa073198Author Commented:
jgarr, read the question again.

andyalder, the brute force approach has some appeal, but I was hoping for a) a little more elegance, and b) something I could use in an automated fashion.  I looked at ipswitch's Website, but there's no way to submit a request for product enhancement.  Given the source code for any PING utility, I'll bet it'd take about 5 minutes to change it to do what we want.  It's still worth 100 points to me, though, even if it is trivial.
0
brugmanjCommented:
Bidding is open...
0
CAFCommented:
im assuming the reason that you cant check the arp cache before connection is because the system is on another subnet, even so if you arp,  the only request that arp can make is to the router or the default gatway,and the roouter will resolve the arp request after the initial arp request the mac adress obtained by the router should be in the routers cache try checking ther, also what about network  monitor
0
jgarrCommented:
Sorry, I was watching the kids....


0
mfa073198Author Commented:
CAF and others, the reason for all this is that I have seen some system event logs indicating that someone is trying to connect to our network with an IP address that is assigned (static) to one of our core servers.  I want to find out who is doing this.  The event log gives the MAC address, but of course the IP address is meaningless.  If I  can find his current IP address, then I can find him.
0
brugmanjCommented:
We'll I don't have the means right now to write you an application but maybe here's a good option.

In your logon script call WinMSD to dump an output file to a common share. Then 'find files' 'containing' the mac address you need.
0
mfa073198Author Commented:
brugmanj - Doesn't that mean I've got to get to the offending machine to set the logon script?  (We don't have any control over individuals' machines here.)

Lermitte - Turns out there's also a tool in the Resource Kit (dhcpcmd) that lists the dhcp data.  You can then direct the console output to a file and scan for a particular MAC address.  In my case, I found the offender properly on the network with a valid lease, and have accounted for the problem to my satisfaction.  So, I'm going to accept your comment as an answer, but my earlier offer of 100 points for a more generalized PING-like utility still stands.  I'd even pay $19.95 for it.
0
LermitteCommented:
Your generous :-) And yes there are several tools for this.. I use Network monitor for that...

Mario
0
mfa073198Author Commented:
Network monitor won't work for me because we have a fully switched network.  Even promiscuity won't help if the packet never gets to the machine running the monitor :-).
0
andyalderCommented:
mfa, emailed ipswitch for product enhancement request, hopefully we get a proper tool for this:
>Hi,
>I have forwarded your suggestions to >our developers.
>Thanks,
>Jeff Moreau
>Ipswitch Technical Support
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.