Jump to content

Find an IP from MAC


Ejoc
 Share

Recommended Posts

So I have an odd situation, and I'm trying to make things alittle easier. My WAP is acting oddly, and inorder to get it working I had to change from a Static IP to a Dynamic IP, it was bazzaar but I couldn't even ping it with the Static IP. So since I have MAC filtering and everyone I know has a laptop and brings it over at some point, I need to add their MAC address to the WAP. But now that its dynamic, it can take a while to track down what the Access Points' IP is so I can configure it.

So what I would like to do is make a script that basicly could take a known MAC address and find what it's IP address is.

Then I could do something simple like:

$ip = GetIPFromMAC("00-00-00-00-00-00")
Run(@ComSpec & ' /c START http://' & $ip,"",@SW_MINIMIZE)
Exit

Func GetIPFromMAC($mac)
;here is where im unsure
EndFunc

I guess I could manually ping all the IP's in my subnet then check my arp table, but it seems like that would be slow.... I dunno, I bet someone has a simple solution.

Thanks

Edited by Ejoc
Start -> Programs -> AutoIt v3 -> AutoIt Help File -> Index -> (The Function you are asking about)----- Links -----DllStruct UDFsRSA Crypto UDFs
Link to comment
Share on other sites

It doesn't have a hostname.

<{POST_SNAPBACK}>

It's an Acces Point not a computer, and does not have a hostname. Attempting to ping the AP results in :

Ping request could not find host WAP54G. Please check the name and try again.

Edited by Ejoc
Start -> Programs -> AutoIt v3 -> AutoIt Help File -> Index -> (The Function you are asking about)----- Links -----DllStruct UDFsRSA Crypto UDFs
Link to comment
Share on other sites

I'd just use a program like SuperScan:

http://www.snapfiles.com/get/superscan.html

In my case, to run a scan of 192.168.10.1 to 192.168.10.254 I'd Launch the program, click the "Me" button then click the "1..254" button then click "Start".

Use Mozilla | Take a look at My Disorganized AutoIt stuff | Very very old: AutoBuilder 11 Jan 2005 prototype I need to update my sig!
Link to comment
Share on other sites

Also, if you do a tracert to your default gateway (e.g. your DHCP server, router, broadband modem), the AP should be a hop along the route, so you could then immediately do an arp -a to dump the cached IP <-> MAC pairing for your PC and search for the MAC address in the output.

From a command prompt, try (assuming 192.168.0.1 is your gateway IP):

tracert 192.168.0.1

arp -a

...and see if your AP MAC address appears in the output.

If that works then you could run the commands with a script, capture the output of arp -a, match the line with your MAC address, then split the line to get your IP.

[Edit: Typo.]

Edited by DaveF

Yes yes yes, there it was. Youth must go, ah yes. But youth is only being in a way like it might be an animal. No, it is not just being an animal so much as being like one of these malenky toys you viddy being sold in the streets, like little chellovecks made out of tin and with a spring inside and then a winding handle on the outside and you wind it up grrr grrr grrr and off it itties, like walking, O my brothers. But it itties in a straight line and bangs straight into things bang bang and it cannot help what it is doing. Being young is like being like one of these malenky machines.

Link to comment
Share on other sites

Unfortunately it is only on the path if I'm going thru the wireless, which I'm not on my Desktop which is hardwired. I guess I'm going to have to either:

1) Ping all possible IP's via AutoIt then check arp -a

2) Get a command-line Nmap and Ping scan my Subnet then check arp -a

*SuperScan looks alot like Nmap, and I know you can do Command-Line Nmap, and its software I've used in the past at a job.

I was just hoping there was an easier approach.

Start -> Programs -> AutoIt v3 -> AutoIt Help File -> Index -> (The Function you are asking about)----- Links -----DllStruct UDFsRSA Crypto UDFs
Link to comment
Share on other sites

Well since I wanted to do this without installing a 3rd party app, I made this:

#cs
vi:ts=4 sw=4:

_GetIPFromMAC
Ejoc
Apr 10, 2005
#ce
#include <file.au3>


$ip = _GetIPFromMAC("00-0C-41-12-17-F0","192.168.1.100","192.168.1.150")
if $ip <> "" Then
    Run(@ComSpec & ' /c START http://' & $ip,"",@SW_MINIMIZE)
Else
    MsgBox(0,"Not Found","Could not find IP address")
Endif

Exit

;   _GetIPFromMAC
;   Arguments:
;       $mac         The MAC Address "00-00-00-00-00-00" or "00:00:00:00:00:00"
;       $IP_Start   Starting IP address
;       $IP_Stop    Ending IP address
;
;   Return Codes:
;       MAC Address / Not "" = Success
;       "" Failure
Func _GetIPFromMAC($mac, $IP_Start = "192.168.1.100", $IP_Stop = "192.168.1.150")
    Local $i,$szBaseAddr,$lpStart,$lpStop,$iA,$iB,$iC,$iBStart,$iBStop
    Local $iCStart,$iCStop,$lpArp,$szMAC,$lpIP

    $lpStart    = StringSplit($IP_Start,".")
    $lpStop     = StringSplit($IP_Stop,".")
    $szMAC      = StringReplace($mac,":","-")

; Mac sure the MAC is the right length
    if StringLen($szMAC) <> 17 Then Return ""

; Make sure the Start and Stop IP's are valid IP's
    If $lpStart[0] <> 4 Or $lpStop[0] <> 4 Then Return "" 

    For $i = 1 To 3
        if $lpStart[$i] < 0 Or $lpStart[$i] > 255 Then Return ""
        if $lpStop[$i] < 0 Or $lpStop[$i] > 255 Then Return ""
    Next

    if $lpStart[4] < 1 Or $lpStart[4] > 255 Then Return ""
    if $lpStop[4] < 1 Or $lpStop[4] > 255 Then Return ""

;Start looping thru the IP address'
    For $iA = $lpStart[2] To $lpStop[2]   ; 192.0.x.x -> 192.255.x.x
        if $iA <> $lpStart[2] Then     ; When you roll over to 192.1
            $iBStart    = 0            ; you need to start a 192.1.0.x
        Else
            $iBStart    = $lpStart[3]
        EndIf

        if $iA <> $lpStop[2] Then      ; if you are on 192.0.x.x
            $iBStop     = 255          ; you need to go all the way to
        Else                           ; 192.0.255.x
            $iBStop     = $lpStop[3]
        Endif
            
        For $iB = $iBStart To $iBStop   ; 192.0.0.x -> 192.0.255.x
            if $iB <> $iBStart Then
                $iCStart    = 1
            Else
                $iCStart    = $lpStart[4]
            Endif

            if $iB <> $iBStop Then
                $iCStop     = 255
            Else
                $iCStop     = $lpStop[4]
            Endif

            For $iC = $iCStart To $iCStop
                $szBaseAddr = $lpStart[1] & "." & $iA & "." & $iB & "." & $iC
                Ping($szBaseAddr,50)

           ;Check arp every 10 pings or when you are done
                if (Not Mod($iC,10)) Or ($iC = $iCStop) Then
                    RunWait(@Comspec & ' /c arp -a > "' & @TempDir & '\~arp.tmp"',"",@SW_MINIMIZE)
                    _FileReadToArray(@TempDir & '\~arp.tmp',$lpArp)
                    For $i = 1 To $lpArp[0]
                        If StringinStr($lpArp[$i],$szMAC) Then; Found it
                            $szIP   = StringLeft($lpArp[$i],StringinStr($lpArp[$i],$szMAC)-1)
                            $szIP   = StringStripWS($szIP,8)
                            Return $szIP
                        Endif
                    Next
                Endif; Check Arp
            Next; 192.168.1.X
        Next; 192.168.x.x
    Next; 192.x.x.x
    
    return ""; Didn't find it
EndFunc

_GetIPFromMAC.au3

Edited by Ejoc
Start -> Programs -> AutoIt v3 -> AutoIt Help File -> Index -> (The Function you are asking about)----- Links -----DllStruct UDFsRSA Crypto UDFs
Link to comment
Share on other sites

I've been tinkering with this, and now I have yet another reason to wish MS would just fall off the face of the planet. When I ping the network broadcast address (a.b.c.255 in most cases), every NON-MS device on my (wired) network responds (Cisco/3Com/Linux/NetGear). Under Linux ping, the extra responses are reported as duplicates but the ARP table immediately gets updated with all responses requiring only a single ping. Apparently the brain-surgeons over at MS however have decided that all ICMP response duplicates should be silently dropped at the protocol layer.

Using your code I can find my WAP in about 12 seconds. (Full subnet scan starting at 1, WAP just happens to be at 68 right now. Would be much fater if I only scanned my DHCP block.)

By making only two minor changes: adding a loop around the Ping function/ARP checking and a 250ms Sleep after the Ping, then calling the function with start = stop = a.b.c.255, I can find it in about 4 seconds.

Your way is obviously more reliable, an MS-WIN machine will never show up using my method, and a slow to respond device may never show up.

I'd be curious to know if your LinkSys responds to the broadcast ping.

On a side note, it seems like this is exactly what the 224.0.0.1 address should be for if you only look at RFC1700, but RFC1112 explains why it doesn't work. Sigh, it takes a genius to make a really good idea useless.

601DisengageEnd Program

Link to comment
Share on other sites

A ping a.b.c.255 only give's my my router sadly. I guess I'm not seeing(in my head) the change you made, could you post just that part so I see what you are doing, I'm curoius :)

Whoa I need to check RFC1700 and RFC1112 because ping 224.0.0.1 gave me the ip of my WAP :D Thanks for that heads up!

*EDIT

Ok I understand the change you made.

Edited by Ejoc
Start -> Programs -> AutoIt v3 -> AutoIt Help File -> Index -> (The Function you are asking about)----- Links -----DllStruct UDFsRSA Crypto UDFs
Link to comment
Share on other sites

A ping a.b.c.255 only give's my my router sadly.  I guess I'm not seeing(in my head) the change you made, could you post just that part so I see what you are doing, I'm curoius :)

Whoa I need to check RFC1700 and RFC1112 because ping 224.0.0.1 gave me the ip of my WAP :D  Thanks for that heads up!

<{POST_SNAPBACK}>

what kind of router? try ping -n 60 a.b.c.255 and see if the WAP shows up too.

My NetGear responds to 224.0.0.1 also even though RFC1112 clearly says it shouldn't. And 224.0.0.2 doesn't seem supported at all.

$szBaseAddr = $lpStart[1] & "." & $iA & "." & $iB & "." & $iC
                For $iPC = 0 To 100
                Ping($szBaseAddr,250)
                Sleep (250)

            ;Check arp every 10 pings or when you are done
                if (Not Mod($iC,10)) Or ($iC = $iCStop) Then
                    RunWait(@Comspec & ' /c arp -a > "' & @TempDir & '\~arp.tmp"',"",@SW_MINIMIZE)
                    _FileReadToArray(@TempDir & '\~arp.tmp',$lpArp)
                    For $i = 1 To $lpArp[0]
                        If StringinStr($lpArp[$i],$szMAC) Then; Found it
                            $szIP   = StringLeft($lpArp[$i],StringinStr($lpArp[$i],$szMAC)-1)
                            $szIP   = StringStripWS($szIP,8)
                            MsgBox (0, "Found", $iPC & " Pings")
                            Return $szIP
                        Endif
                    Next
                Endif; Check Arp
                Next

Edit: posted code. didn't fix indenting because, well, I just didn't.

Edited by Smed

601DisengageEnd Program

Link to comment
Share on other sites

Just to save you some digging here are the relevant parts:

From RFC1700:

INTERNET MULTICAST ADDRESSES

Host Extensions for IP Multicasting [RFC1112]specifies the

extensions required of a host implementation of the Internet Protocol

(IP) to support multicasting.  Current addresses are listed below.

224.0.0.0  Base Address (Reserved)                  [RFC1112,JBP]

224.0.0.1  All Systems on this Subnet                [RFC1112,JBP]

224.0.0.2  All Routers on this Subnet                        [JBP]

224.0.0.3  Unassigned                                        [JBP]

224.0.0.4  DVMRP    Routers                          [RFC1075,JBP]

224.0.0.5  OSPFIGP  OSPFIGP All Routers            [RFC1583,JXM1]

224.0.0.6  OSPFIGP  OSPFIGP Designated Routers      [RFC1583,JXM1]

224.0.0.7  ST Routers                              [RFC1190,KS14]

224.0.0.8  ST Hosts                                [RFC1190,KS14]

224.0.0.9  RIP2 Routers                                    [GSM11]

224.0.0.10 IGRP Routers                          [Dino Farinacci]

224.0.0.11 Mobile-Agents                            [bill Simpson]

224.0.0.12-224.0.0.255 Unassigned                            [JBP]

224.0.1.0  VMTP Managers Group                      [RFC1045,DRC3]

224.0.1.1  NTP      Network Time Protocol          [RFC1119,DLM1]

224.0.1.2  SGI-Dogfight                                      [AXC]

224.0.1.3  Rwhod                                            [sXD]

224.0.1.4  VNP                                              [DRC3]

224.0.1.5  Artificial Horizons - Aviator                    [bXF]

224.0.1.6  NSS - Name Service Server                        [bXS2]

224.0.1.7  AUDIONEWS - Audio News Multicast                [MXF2]

224.0.1.8  SUN NIS+ Information Service                    [CXM3]

224.0.1.9  MTP Multicast Transport Protocol                  [sXA]

224.0.1.10 IETF-1-LOW-AUDIO                                  [sC3]

224.0.1.11 IETF-1-AUDIO                                      [sC3]

224.0.1.12 IETF-1-VIDEO                                      [sC3]

224.0.1.13 IETF-2-LOW-AUDIO                                  [sC3]

224.0.1.14 IETF-2-AUDIO                                      [sC3]

224.0.1.15 IETF-2-VIDEO                                      [sC3]

224.0.1.16 MUSIC-SERVICE                        [Guido van Rossum]

224.0.1.17 SEANET-TELEMETRY                        [Andrew Maffei]

224.0.1.18 SEANET-IMAGE                            [Andrew Maffei]

224.0.1.19 MLOADD                                        [braden]

224.0.1.20 any private experiment                            [JBP]

224.0.1.21 DVMRP on MOSPF                              [John Moy]

224.0.1.22 SVRLOC                              <veizades@ftp.com>

224.0.1.23 XINGTV                                <hgxing@aol.com>

224.0.1.24 microsoft-ds                    <arnoldm@microsoft.com>

224.0.1.25 nbc-pro                      <bloomer@birch.crd.ge.com>

224.0.1.26 nbc-pfn                      <bloomer@birch.crd.ge.com>

224.0.1.27-224.0.1.255  Unassigned                          [JBP]

224.0.2.1  "rwho" Group (BSD) (unofficial)                  [JBP]

224.0.2.2  SUN RPC PMAPPROC_CALLIT                          [bXE1]

224.0.3.000-224.0.3.255 RFE Generic Service                [DXS3]

224.0.4.000-224.0.4.255 RFE Individual Conferences          [DXS3]

224.0.5.000-224.0.5.127 CDPD Groups                  [bob Brenner]

224.0.5.128-224.0.5.255 Unassigned                          [iANA]

224.0.6.000-224.0.6.127 Cornell ISIS Project          [Tim Clark]

224.0.6.128-224.0.6.255 Unassigned                          [iANA]

224.1.0.0-224.1.255.255  ST Multicast Groups        [RFC1190,KS14]

224.2.0.0-224.2.255.255  Multimedia Conference Calls        [sC3]

224.252.0.0-224.255.255.255 DIS transient groups    [Joel Snyder]

232.0.0.0-232.255.255.255  VMTP transient groups    [RFC1045,DRC3]

These addresses are listed in the Domain Name Service under MCAST.NET

and 224.IN-ADDR.ARPA.

Note that when used on an Ethernet or IEEE 802 network, the 23

low-order bits of the IP Multicast address are placed in the low-order

23 bits of the Ethernet or IEEE 802 net multicast address

1.0.94.0.0.0.  See the next section on "IANA ETHERNET ADDRESS BLOCK".

From RFC1112:

  The all-hosts group (address 224.0.0.1) is handled as a special case.

  The host starts in Idle Member state for that group on every

  interface, never transitions to another state, and never sends a

  report for that group.

601DisengageEnd Program

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...