From: Dario Ciccarone (dciccaro) (dciccaro@cisco.com)
Date: Sun Dec 04 2005 - 14:35:05 EST
I agree with Thor here - what are you trying to accomplish here? Why
don't just check your IP address/network mask (if you're located on the
same L2 network as your target), and then start ARPing (not 'arping',
mind you) for all the other addresses on the same range? Match source
MAC to your desired MAC, and will find out the IP address assigned to
that MAC.
Caveat: there could be more than one L3 network running on the same L2
network - and you would need to repeat the process for every L3 network
you want to find the remote IP address for.
Technical note: there *is* actually an RFC to do what you want to do -
RFC-2390, 'Inverse Address Resolution Protocol'. While it is not
dependant on the underlying L2 technology in use, AFAIK it has only been
implemented on ATM and Frame Relay networks - so, out of luck here.
Personal note: it seems you got some answers suggesting for you to get
an book on OSI and layers, and how the whole thing works. Don't take it
as an affront, but as a general suggestion that might help you down the
road. One such 'free' book that I wholeheartedly recommend is "TCP/IP
Tutorial and Technical Overview", a RedBook from IBM, which you can
download for free from
http://www.redbooks.ibm.com/abstracts/gg243376.html?Open - I keep a copy
all the time on my notebook, and has helped me to look up some concepts
while away from the office and without access to my Comer or Stevens
copy :)
Thanks,
Dario
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
> Sent: Sunday, December 04, 2005 4:58 AM
> To: Roni Bachar; pen-test@securityfocus.com
> Subject: Re: Ping a mac address
>
> > I guess I didn't explain my self good.
> > What I want is tool that i can do:
> > Ping 00:0F:EA:8C:FC:5A
> >
> >
> > And in return get the ip of this mac
>
> You might want to explain exactly what you are trying to
> accomplish in more
> detail: as in "Why?"
>
> ARP resolution of the MAC to the actual IP will only work if
> you are on the
> same subnet as the host--otherwise you'll get the default
> gateway's MAC when
> resolving the IP address. Given that, if the host *is* on
> the same subnet,
> and you want to reach it, it doesn't really matter what IP
> address is bound
> to the adapter-- you can just add a static ARP entry on the
> local system to
> assign the MAC to whatever "in-network" IP you want, whether
> it's the "real"
> IP or not...
>
>
> t
>
>
> --------------------------------------------------------------
> ----------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking
> applications on your
> website. Up to 75% of cyber attacks are launched on shopping
> carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and
> locked-down servers are
> futile against web application hacking. Check your website
> for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks
> before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------
> -----------------
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:14 EDT