Solved

Determine IP address from Mac Adress

Posted on 2004-10-18
29
622 Views
Last Modified: 2013-11-30
I have a managable switch and two managable hubs that i have to access to reconfigure their IP settings.  The problem is that i don't know what hard coded IP address they are currently using so i am unable to access their management utilities via the web interface.  They are not using the same IP address as the rest of the network.  Their Mac address is written on the back of the hubs however.  

My question:  How can i reverse lookup their IP addresses using their know Mac address if i am on a different subnet that they are on?
0
Comment
Question by:dozero
  • 10
  • 7
  • 6
  • +3
29 Comments
 
LVL 3

Assisted Solution

by:_anom_
_anom_ earned 125 total points
Comment Utility
The IP address may or may not be in your arp table (open up a command prompt and type arp -a).  However, you can assign it whatever IP address you wish by opening up a command prompt and typing          arp -s ip.add.re.ss ma-ca-dd-re-ss-11

example: to assign 192.168.0.4 to mac address 00-0F-1F-0E-AB-22

open up a command prompt (start-->run-->"cmd")

and type

arp -s 192.168.0.4 00-0F-1F-0E-AB-22

you should then be able to communicate with the device by it's IP (in this example 192.168.0.4)

Cheers
0
 

Author Comment

by:dozero
Comment Utility
I am on a different subnet than it is though.  will it not try and go through it's default gateway when it sees my ip address is out of it's subnet range?  or can it tell i am on the local net and not bother with it's gateway?

I tried your suggestion but was unable to ping or access the device after assigning it an ip address locally.  However, i am not 100% certain that the device will respond even if i can successfully determine it's IP address.
0
 
LVL 3

Expert Comment

by:_anom_
Comment Utility
Is the IP address you assigned to it a valid, unused IP address on the other subnet (the subnet containing the device)?  W/o assigned it an IP address like that it may not be routed correctly...

Cheers
0
 

Author Comment

by:dozero
Comment Utility
no, it's an unassigned IP on my known subnet.  I haven't a clue what subnet it is on.  Just that it is using a different one than the rest of the network.  I am using 192.168.0.1-255 and it may be using a 10.x.x.x  or 169.x.x.x range of some sorts.
0
 
LVL 3

Expert Comment

by:_anom_
Comment Utility
Try contacting it with an IP address on its own subnet (surely you know an IP of another device on its subnet? i hope?)
0
 
LVL 2

Expert Comment

by:jose_ramirez
Comment Utility
dozero,
what switch do you have? model....
0
 

Author Comment

by:dozero
Comment Utility
nope, don't know it's subnet or the other three hubs on that same subnet.  It is an unknown subnet and that's what i am trying to figure out.
0
 
LVL 3

Expert Comment

by:_anom_
Comment Utility
Can you plug a laptop or something into one of them and then do it from there?
0
 

Author Comment

by:dozero
Comment Utility
I am plugged into it, but i don't know what subnet it is running :-)
0
 

Author Comment

by:dozero
Comment Utility
Oh, hi Jose, didn't notice your post.  They are 3Com superstack II dual speed hubs and one Superstack 3 switch
0
 
LVL 3

Expert Comment

by:_anom_
Comment Utility
Oh, well if you are plugged straight into it and try to communicate with it using an IP address on the same subnet as your computer... it *should* work... beyond that, i dunno...

Cheers
0
 

Author Comment

by:dozero
Comment Utility
So you are saying that if i am physically located on the same network as the device but using a different subnet with a different subnet mask and different default gateway as the device that i should still be able to communicate with it because it can sense it doesn't have to go through a router to reach me because i'm local ?
0
 
LVL 3

Expert Comment

by:_anom_
Comment Utility
I think that's how it should work (if by physically located on the same network you might physically plugged into the switch with which you are trying to communicate).
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:dozero
Comment Utility
hmmmm, i will give that a try with another computer i have.  I will assign it a different IP subnet and try your suggestion.  That way i can confirm it's a problem with my switch and prove your suggestion works.  Then i can work on fixing my switch problem if it confirms.

thanx.
0
 
LVL 2

Expert Comment

by:jose_ramirez
Comment Utility
dozero,
here is the link where you can download software for administration and documentation about 3Com superstack II dual speed hubs, why don´t you download software and documentation?
http://www.3com.com/products/en_US/detail.jsp?tab=support&pathtype=support&sku=3C16610-US
Jose
0
 
LVL 5

Expert Comment

by:AutoSponge
Comment Utility
Check the owner's documentation for the ability to pram the device--wiping any configured settings out and going back to factory defaults.  Then check for the factory default IP in the manual.  Reconfigure from scratch.
0
 
LVL 3

Expert Comment

by:TRobertson
Comment Utility
I would try arp'ing to it.
Or connect a pc + sniffer and watch for its traffic.  With a sniffer you should be able to track the data from the mac adress, then configure your pc to the same subnet as the switch so you can manage it..
0
 
LVL 8

Expert Comment

by:holger12345
Comment Utility
1) If you send a ping 255.255.255.255 while beeing physically connected... try to listen with a sniffer who answers!

2) Just hack the IP... htere are thousands of IP-scanners in the world for example http://www.angryziber.com/ipscan/ ... just enter the complete private network-range i.e. 10.0.0.0 - 10.255.255.255 and 192.168.0.0 - 192.168.255.255 ... and you should get answers more than you want :)

Good Luck
Holger
0
 
LVL 8

Expert Comment

by:holger12345
Comment Utility
uuu i forgot: just like trobertson said... you should read the arp-table afterwards... after u have pinged it, the arp-table should be filled.

NOTE: you must be DIRECTLY connected to the device, if you want the MAC-adress of that specific device!

Holger
0
 

Author Comment

by:dozero
Comment Utility
i did a test setup with a win2k box that's also plugged into the switch.  I changed it's ip address from 192.168.0.99 to 10.1.1.1 .   Then i added it's mac address and the ip address 192.168.0.28 (an unassigned ip) to my arp table in my other computer.  It was not able to ping it, destination unreachable.  So i added the mac address of my first computer the computer i changed the ip address to 10.1.1.1 and assigned it 10.1.1.2 .   This time i received a timeout instead of the destination unreachable, but was still unsuccessful at pinging it.  

I placed a sniffer on the network and the only traffic i could see from the computer i changed to 10.1.1.1 was 10.1.1.1:138 to 10.1.1.255:138 UDP and i assume this is because its running win2k.  It never generated any traffic while i was trying to ping it or ping from it.

0
 
LVL 8

Accepted Solution

by:
holger12345 earned 125 total points
Comment Utility
hmmm.. i really don't understand your test-setup...

Lets play around with some configs and what will happen:
1) ping from 10.1.1.1 to 192.168.0.28
--> an arp-request will be send to anything willing to route the packet to the destination. If there's no router in the subnet of 10.1.1.0/24 pointing at 192.168.0.0/24 you'll get destination unreachable (as there IS no route even if you are directly connected!).

2) ping from 10.1.1.1 to 192.168.0.28 with a router inbetween
--> the arptable shows an entry like

Schnittstelle: 10.1.1.1 --- 0x10003
  Internetadresse       Physikal. Adresse     Typ
  192.168.0.28           00-c0-7b-ab-cd-ef    dynamisch

... but now what's the meaning? The physical adress (MAC) is the adress of the ROUTER, that defines the next hop to the destination.
Conclusion: If you are not on the same network, the IP and the MAC doesn't correspond to the same NIC !

3) You set the arptable yourself by doing i.e.
"arp -s 192.168.0.28  00-aa-00-62-c6-09"
--> This means, that the next-hop-recipient of a packet, that should go to 192.168.0.28 will be the NetworkInterfaceCard with the MAC-adress 00-aa-00-62-c6-09 ! And if this isn't true: you're LOST. You want to tell arp, not to trust it's request... so the destination won't be reachable as long as the router doesn't really have this MAC-adres or the arp-table is flushed

Hope that isn't too complex
Holger
0
 
LVL 8

Expert Comment

by:holger12345
Comment Utility
4) I forgot: switches are NO active network parts - they have no MAC-adress, since they don't route anything ... they are only smart cables and bindings. A bridge is an active layer2 equipement, as it looks at the MAC-adress of a packet to decide which Interface should be used to send forth the packet.
You may say, that a switch does this too... but a switch may per definitionem not change the sending MAC-adress inside the packet - it only uses the information to fill a short living table, where the MAC-adress resides, which port to use..... a switch itself is NOT adressable - if you use a mangeable switch, you have a management port that IS adresssable (as it is a NIC with an IP)

I hope this is all still the truth - but if you guys know more let me know

Holger
0
 
LVL 8

Expert Comment

by:holger12345
Comment Utility
... until now, the last word was given by me... so i have nothing to add - but points
0
 

Author Comment

by:dozero
Comment Utility
I never got to fully test the last configuration example that Holger suggested.  I will give it a go and then resolve this question.
0
 
LVL 8

Expert Comment

by:holger12345
Comment Utility
Even if i see, that there is no solution until now - i'm not willing to see my proposals written for nothing...
If they don't fit the solution - well then it's my problem - but if not and we only don't know of, i'd like to get the points for my effort...

regards Holger
0
 

Author Comment

by:dozero
Comment Utility
My appologies Holger, A for effort and i see no reason your solution shouldn't have worked for me.  
0
 
LVL 8

Expert Comment

by:holger12345
Comment Utility
Thx for this opinion and your points .. ;-)
Holger
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

What’s a web proxy server? A proxy server is a server that goes between clients and web servers, used in corporate to enforce corporate browsing policy and ensure security. Proxy servers are commonly used in three modes. A)    Forward proxy …
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now