?
Solved

Given MAC address, find the host

Posted on 1999-12-06
16
Medium Priority
?
261 Views
Last Modified: 2013-12-23
Does anyone know of a utility to find a host's IP address, given only the MAC address?  (ARP won't work unless your workstation has talked to the host recently, thus placing the MAC address in the ARP cache.)  To make this easier, assume we're dealing with a single broadcast domain.
0
Comment
Question by:mfa073198
  • 6
  • 3
  • 2
  • +3
16 Comments
 
LVL 6

Accepted Solution

by:
Lermitte earned 200 total points
ID: 2260062
Do you use DHCP? With DHCP you can find the MAc-adress in the DHCP-manager.

Mario
0
 
LVL 1

Expert Comment

by:brugmanj
ID: 2260097
It's a guess but it may help: Send an ICMP PING packet to the mac address of the computer you're trying to find filling in the IP address as the subnet's broadcast address (I understand you're on the same subnet anyway so you got that address). IP Layer should pass it through and the receiver should reply effectivly giving you his IP address.

It would require some code though...

0
 
LVL 1

Author Comment

by:mfa073198
ID: 2260238
Lermitte: yes, we use DHCP... mostly.  In any event, I want a generalized solution that will work in the case of a static address.  In the problem at hand, I'm almost certain it's a static address assigned by a user who's got no business assigning his own address.

brugmanj: That would work.  Let me know when you've got the code written :~).
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
LVL 1

Author Comment

by:mfa073198
ID: 2260263
Now that I think of it, that's no so hard.  Isn't there some open-source PING code around somewhere?
0
 
LVL 2

Expert Comment

by:jgarr
ID: 2260583
Ping the host. This will put the mac address in the arp cache. Then arp -a to find the mac address.
0
 
LVL 56

Expert Comment

by:Handy Holder
ID: 2261503
you can use wsping-pro from www.ipswitch.com to ping each address on the subnet, then ARP will give you the address.

Also Microsoft Mail Gateway to X.400
comes with a ping.exe that can ping a MAC address but this would cost rather a lot.

Brugmanj, I'll give you some points aswell if you write a pingtool that echo-requests to the MACaddress.
0
 
LVL 1

Author Comment

by:mfa073198
ID: 2261645
jgarr, read the question again.

andyalder, the brute force approach has some appeal, but I was hoping for a) a little more elegance, and b) something I could use in an automated fashion.  I looked at ipswitch's Website, but there's no way to submit a request for product enhancement.  Given the source code for any PING utility, I'll bet it'd take about 5 minutes to change it to do what we want.  It's still worth 100 points to me, though, even if it is trivial.
0
 
LVL 1

Expert Comment

by:brugmanj
ID: 2262011
Bidding is open...
0
 
LVL 1

Expert Comment

by:CAF
ID: 2263309
im assuming the reason that you cant check the arp cache before connection is because the system is on another subnet, even so if you arp,  the only request that arp can make is to the router or the default gatway,and the roouter will resolve the arp request after the initial arp request the mac adress obtained by the router should be in the routers cache try checking ther, also what about network  monitor
0
 
LVL 2

Expert Comment

by:jgarr
ID: 2263813
Sorry, I was watching the kids....


0
 
LVL 1

Author Comment

by:mfa073198
ID: 2265148
CAF and others, the reason for all this is that I have seen some system event logs indicating that someone is trying to connect to our network with an IP address that is assigned (static) to one of our core servers.  I want to find out who is doing this.  The event log gives the MAC address, but of course the IP address is meaningless.  If I  can find his current IP address, then I can find him.
0
 
LVL 1

Expert Comment

by:brugmanj
ID: 2265452
We'll I don't have the means right now to write you an application but maybe here's a good option.

In your logon script call WinMSD to dump an output file to a common share. Then 'find files' 'containing' the mac address you need.
0
 
LVL 1

Author Comment

by:mfa073198
ID: 2266226
brugmanj - Doesn't that mean I've got to get to the offending machine to set the logon script?  (We don't have any control over individuals' machines here.)

Lermitte - Turns out there's also a tool in the Resource Kit (dhcpcmd) that lists the dhcp data.  You can then direct the console output to a file and scan for a particular MAC address.  In my case, I found the offender properly on the network with a valid lease, and have accounted for the problem to my satisfaction.  So, I'm going to accept your comment as an answer, but my earlier offer of 100 points for a more generalized PING-like utility still stands.  I'd even pay $19.95 for it.
0
 
LVL 6

Expert Comment

by:Lermitte
ID: 2266266
Your generous :-) And yes there are several tools for this.. I use Network monitor for that...

Mario
0
 
LVL 1

Author Comment

by:mfa073198
ID: 2266754
Network monitor won't work for me because we have a fully switched network.  Even promiscuity won't help if the packet never gets to the machine running the monitor :-).
0
 
LVL 56

Expert Comment

by:Handy Holder
ID: 2271160
mfa, emailed ipswitch for product enhancement request, hopefully we get a proper tool for this:
>Hi,
>I have forwarded your suggestions to >our developers.
>Thanks,
>Jeff Moreau
>Ipswitch Technical Support
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
An article on effective troubleshooting
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question