?
Solved

Ping Mac Address

Posted on 2003-03-31
26
Medium Priority
?
17,628 Views
Last Modified: 2013-11-13
In my logs, I log each computer by Mac address since it is unique.  We have people who get a new computer and give the same name to that new computer. I have a bunch of Mac Address with wrong IP address and I want to verify if they are still on the network.  Is there a way to check to see if a Mac address is active on the network much like you would do to veriry a TCP/IP adddress?  
0
Comment
Question by:wvhetrick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
  • +8
26 Comments
 
LVL 15

Expert Comment

by:sr75
ID: 8239645
I don't know about pinging a MAC address..but If you try and ping the Hostname of the machines you will get their current IP address and then run arp -a It will give you the IP address and the MAC address of your recent contacts.  You can then compare the information.
0
 
LVL 31

Expert Comment

by:rid
ID: 8240342
I think there are tools that can show both IP and MAC for any detected activity, like NetMonitor (a Microsoft application) or, say, NetXray. Possibly Ethereal too, which is free. I know NetXray can ping ranges of IP addresses, but I'm not sure about the others.

/RID
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8240425
Solar Winds has some good tools that will do a network scan and print out a list of ip address, node name and mac address..

http://www.solarwinds.net
0
7 Extremely Useful Linux Commands for Beginners

Just getting started with Linux? Here's a quick start guide that has 7 commands that we believe will come in handy.

 
LVL 2

Expert Comment

by:mike_ca
ID: 8240518
try assigning an IP-address to MAC address using
arp -s IP-address MAC-address
then ping IP-address to see if it replies
0
 
LVL 2

Expert Comment

by:mike_ca
ID: 8240952
try assigning an IP-address to MAC address using
arp -s IP-address MAC-address
then ping IP-address to see if it replies
0
 
LVL 1

Expert Comment

by:Sebastien_B
ID: 8240999
I think Mike_Ca gave the best idea, then you will just have to make a exclusion in your DHCP scope, to ensure you have a free-never-used IP,

Then a script could be used to map this ip to any MAC-address you need to check,

What are you thinking about it ?

Seb
0
 
LVL 24

Expert Comment

by:SunBow
ID: 8241130
If you run dhcp, you can review log for access, and -- you can view a list of all MACs, for they are required to get the IP address. If it is not your server, you can still monitor network packets with filter for the target criteria.
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
ID: 8241318
If you are running dhcp, reduce the lease time, and it will tidy itself up.
if not, arp (ipaddress or hostname) will give you the info you need, if you arp hostname, it will give you the current mac address mapped to that hostname.

Ping -a ipaddress will also resolve hostnames

Ethereal ( http://www.ethereal.com )will give you a snapshot of what is going on in your network, including IP, Mac, and hostnames

Mike_ca`s suggestion would work ok too.
0
 
LVL 1

Expert Comment

by:Sebastien_B
ID: 8241359
Reducing DHCP lease has some drawback : it will also increase DHCP load, and network usage...

wylie, still EtherReal addict :))
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8241362
I still think running SolarWinds' MAC Address discovery tool is by far the easiest/quickest, one-click solution:
http://www.solarwinds.net/Tools/Network_Discovery/MAC_Address/index.htm
0
 
LVL 15

Expert Comment

by:sr75
ID: 8241404
Mike_Ca's does not work..all arp -s does is assign an ip address to the arp table of the system he is on.  When he pings the new ip address it will not reply even if it is on the his network.  He needs the correct IP address for the nic to get the MAC.  Since he knows that the users continue to use the same hostname.  It would be easier for him to ping the host name then check the arp table.  compare the ip address from the ping with the ones on the arp table..then see the MAC address.  he will then need to see if this is one of the ones he is looking for.  This is all free and can be done with a little bit of effort.
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
ID: 8241904
I was only suggesting reducing the DHCP lease temporarily in order to tidy things up....

ARP is only a local mapping, but it is still useful (arp -D will give you a lot of info)

No network platform specified, how about nbtstat?

And yes , I think Ethereal is an amazing tool, considering it is free, and works on Linux and windoze :)

Solarwinds sounds interesting:)

I find it exciting that there are so many routes to the result:)
0
 

Author Comment

by:wvhetrick
ID: 8247252
To update the question, I have no idea if these mac address are on the network.  If they are on the network, I do not know what the IP addres would be or even if they have one.  I need something that is not protocol specific and can tell me if a Mac address is still on the network not knowing the IP address.  The arp -s did not work.  With ping you only need the Ip address.  I want something that I only need the MAC address.
0
 
LVL 31

Expert Comment

by:rid
ID: 8247765
I don't know if you can actively "ping" for a MAC address, but if you use a tool like NetXray (possibly others too) you can capture a  heap of traffic and serch for the MAC addresses in there and when found, they would be combined with the IP they are using. I just tried using tcpdump, which will give both MAC and IP for all packets captured. I'd guess Ethereal has this capability too. Capture to a text file and do a search for the MAC's in the text - you should be able to get the IP's.

A bit roundabout, but it seems to work.

/RID
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8248495
wvhetrick, have you tried the SolarWinds tool? It will do exactly what you want. At least download the 30-day trial..
0
 

Expert Comment

by:amir_0895
ID: 8248570
First of all, you cannot "ping" a MAC address using ICMP (like using the ping utility on your computer).
Second, the MAC address is unique, but when a certain computer with a certain IP and MAC sends traffic to your computer, you won't see that computer's MAC address but rather the MAC address of the router that's closest to you (say the router on the ISP's side, or the router on your network).
In the specific case in which all the computer are placed in the same LAN, then it is possible to ping a MAC using RARP. You can look it up in google.
Anyway, I'm afraid that logging the MAC address and not the IP isn't a good way to know who logged to your computer. The fact is that all the firewalls (low end and high end) always log the ip addresses. If logging the MAC was good enough, they would have done the same.

Hope this helps,
Amir
0
 
LVL 1

Expert Comment

by:Sebastien_B
ID: 8248672
Amir,

Logging MAC is definately a better way for security issue, see how Switches security can be tightened by implementing MAC-check for each port.

I fully understand the wvhetrick's need...
But didn't find for the moment a good solution
0
 
LVL 21

Expert Comment

by:wyliecoyoteuk
ID: 8248834
for local networks ONLY!

under linux:
ping network address with -b switch
run netstat, then arp -D
works (populated cache)

under windows,ping network,
run nbtstat,
then arp -D
might work , no windoze box available atm
0
 

Author Comment

by:wvhetrick
ID: 8253095
I have tried the solar windws Tool, It still works by Subnet which is protocol specific which is not what I need.  I want to know if someone reloaded a computer and put it back on the network without my knowledge.  That means it could be a dos machine running IPX/SPX, a windows 3.11 machine, a unix machine, etc.  I do not know if it will have an IP address or even if it will be on a certian subnet. I do know that I have the MAC address which is what I LOG computers by because it is unique(except for spoofing).  The IP address is not unique becuase on two seperate networks, you can have the same ip address.  10.0.0.0 is a common ip address for in house only networks that do not need Internet access.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 152 total points
ID: 8253207
If you have switches, try the switchmapper from SolarWInds. It will document all the MAC addresses that the switch sees, regardless of network protocol
0
 
LVL 21

Assisted Solution

by:wyliecoyoteuk
wyliecoyoteuk earned 148 total points
ID: 8256532
This MUST be possible, mainly because cable ISPs do it all the time.

But:
you probably need to register the Mac address at first connection, and exclude unregistered ones. That will stop it happening in future.

DHCP servers can do this, as can netware (ipx/spx) ones, most firewalls can filter by hostname, iprange, and mac address.

Running Ethereal with  MAC, hostname, ip, and ipx filters enabled would show you what is going on.

How many protocols do you need? One (TCP/IP ) is more than enough for me.

Chop out ipx/spx and netbeui etc.(even Netware runs on IP now), and sort things out!

This seems to be building into more than a simple network housekeeping request, in fact it is starting to look like a hacking guide :0

Most properly managed networks will not allow reconnection of a new computer with an old hostname.(different SID).
0
 

Expert Comment

by:CleanupPing
ID: 9152781
wvhetrick:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 

Author Comment

by:wvhetrick
ID: 9166963
Please refund my points
0
 
LVL 5

Expert Comment

by:juliancrawford
ID: 10089400
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Split: lrmoore {http:#8253207} & wyliecoyoteuk {http:#8256532}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Julian Crawford
EE Cleanup Volunteer
0
 
LVL 31

Expert Comment

by:rid
ID: 10090010
I support the split suggestion by juliancrawford.
/RID
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This article outlines the struggles that Macs encounter in Windows-dominated workplace environments – and what Mac users can do to improve their network connectivity and remain productive.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question