how to get the MAC address of an IP

Basher52
guru
Posts: 922
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Thu Jun 11, 2009 2:04 pm

It was so long ago I did this so I've forgotten it :P
The last 4 weeks some dude or dudette has installed a DIR-615 router and put it out publicly :(
First of all, it spews out crap that fills my iptables log with just that, crap.
Secondly, when my gateway was down (you might remember that I asked how to fix it like a week ago, had to grub-install to fix it), I had to put my "main" machine on the net without my gateway/firewall, thus making this dang thing install a hardware "thingy" on this PC.
The next time I rebooted it, it installed it again even though I can't use it because it says it can't be reached.

Now I need to know the MAC address of this "crap" to tell my ISP what MAC it has so I can report it as... spam or wutever.

I did this at least 4 or times before but it was like 1,5 years ago and I totally forgot how to do it.

I know I need to set a virtual NIC up for that "network" it uses, the IP is: 10.16.201.24 and I know after that I can ARP it and get the MAC address.
I've just forgotten how to.

Can any of you help out?

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Thu Jun 11, 2009 3:17 pm

I'm not sure I follow. Is the MAC address you need on the public interface on the DIR-615 router which is currently assigned the IP address 10.16.201.24? Can you not log into the router itself? If not, just plug a cable between your Linux box and the public interface on that box, set your Linux interface to an address on the same network and ping it. Sniff with Wireshark or look at your ARP table. But if you can log into the device you should be able to use its interface to get the MAC address.

Post by Basher52 » Thu Jun 11, 2009 3:22 pm

Well, I can't plug into it since it ain't mine.
Someone?!? :( did this some weeks ago and I'm starting to get annoyed :(
The IP is what I said, but I can use that IP in a browser to see the login page, but the default password for the default user ain't working.
I think they were smart enough to change that or I sure would HAVE logged into it and stopped this mess.

I need to set a virtual NIC up on the same "network" (subnet) as this dude uses, thus making me able to ARP the IP.


or?

Post by Void Main » Thu Jun 11, 2009 3:44 pm

Or insert a hub between the port on the device you are talking about and whatever it's currently plugged into. Then plug your Linux box into that hub, bring up your ethernet interface (you don't even need an IP assigned to it) and run Wireshark and watch for the IP address in question. The MAC address will be listed in the packet associated with the IP address you are looking for.

Post by Basher52 » Thu Jun 11, 2009 4:08 pm

Hmm, either I don't get you or you don't get me :P
This "box" is not within my reach, like I have no clue where it is.
SOMEONE, I don't know who, in this building (or nearby) has done this so I can't plug anything into it.

A pal of mine showed me how to do this like 2 years ago, but I haven't done it in a year I think so I've forgotten it.
And when I did that I didn't have to be "near" it, just create a virtual NIC and set that NIC to the same "network" as the "thing" and thereby get its MAC address.


Think we ain't talking the same language here lol

Post by Void Main » Thu Jun 11, 2009 6:20 pm

If this device is on the other side of a router (on a different IP subnet) then there is nothing you can do with a "virtual nic" (whatever that is) and setting it to an address on the same network as the device will not work because the router will not pass the traffic back to you because it knows where each network should be. You could try to nmap (or even "arp -a" after pinging) but that will not work if the interface is not on the same subnet (a routing device between you). You can only get the MAC address from a machine on the local subnet (unless it will tell you its MAC address when asked like a Windows host will do via SMB).

Post by Basher52 » Fri Jun 12, 2009 1:29 pm

Well, it may be on the same subnet but I think this dude has just made the error of putting the cables wrong, thus putting the "inside" of this router on the outside, hence listing the "other" subnet.


btw... Virtual NIC...
NIC as in Network Interface Card
and Virtual as the eth1_1 etc

get it :P

Post by Void Main » Fri Jun 12, 2009 1:57 pm

There is no such thing as eth1_1 (although you could set the name of a regular interface to that instead of eth1 but that doesn't give you any extra functionality, it's just a different name). You can configure an eth1:1 which is a "sub interface" or you could configure an eth1.1 which is a VLAN interface. I have a feeling you are referring to a sub interface but that doesn't buy you anything if you are on the same subnet and if you are not on the same subnet the router will not pass the traffic so I have no idea what your buddy told you to do but I can't imagine anything you describe actually working. I would be interested to hear the explanation if you ever get it. ;)

Post by Basher52 » Fri Jun 12, 2009 2:05 pm

Oh yeah, forgot it was supposed to be a colon not an underscore, sorry.
I'm gonna ask him again about this, but I stopped asking him because he thinks I'm boring just asking about Linux all the time lol

I'll be back, can't say when though...

Post by Basher52 » Thu Jun 18, 2009 2:27 am

As I thought, the NIC was on the same network, so I got the MAC address with all this:

ifconfig eth0:0 10.16.201.200 netmask 255.255.255.0
ping 10.16.201.24
arp -an                 # this listed the MAC address
ifconfig eth0:0 down    # and finally

Then I sent a mail to my ISP to let them know.
Haven't heard anything from them but the logs are now clean :D


thx :D
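
Added example, not part of the original posts: a POSIX shell sketch of the two checks the thread turns on, namely whether the alias address and the target share a subnet (Void Main's condition for ARP to work at all) and pulling the MAC for one IP out of `arp -an` output while treating `<incomplete>` as "no answer". The function names, the sample ARP lines and the MAC values are constructed for illustration; the line layout assumed is the one Linux net-tools `arp -an` prints.

```shell
#!/bin/sh
# Constructed sample of `arp -an` output (MAC values are made up).
SAMPLE_ARP='? (10.16.201.24) at 02:00:00:aa:bb:cc [ether] on eth0
? (10.16.201.77) at <incomplete> on eth0
? (192.168.0.1) at 02:00:00:11:22:33 [ether] on eth0'

# ip_to_int A.B.C.D : print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP1 IP2 NETMASK : exit 0 only if both addresses are in the
# same network. ARP is link-local, so a "no" here means no MAC via ARP.
same_subnet() {
    a=$(ip_to_int "$1"); b=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( b & m )) ]
}

# mac_for_ip IP : read `arp -an` output on stdin, print the MAC for IP.
# Returns 1 if the IP has no entry or the entry is "<incomplete>"
# (the ARP request went out but nothing on the segment answered).
mac_for_ip() {
    awk -v ip="($1)" '
        $2 == ip && $4 ~ /^[0-9A-Fa-f:]+$/ && split($4, o, ":") == 6 {
            print tolower($4); found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# Demo on the constructed sample; on a live host, pipe `arp -an` in instead.
if same_subnet 10.16.201.200 10.16.201.24 255.255.255.0; then
    printf '%s\n' "$SAMPLE_ARP" | mac_for_ip 10.16.201.24
fi
```

On a real host, run it after the ping step: `arp -an | mac_for_ip 10.16.201.24`. A non-zero exit with the alias up usually means the device is behind a router rather than on the local segment.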
