Jump to content

Get mac address of connected TCP client

james3mg
 Share

Recommended Posts

james3mg Universalist

james3mg

Posted
Posted

Hey all,

I'm trying to figure out a better method than IP addresses to try and uniquely identify client computers connected to my script via TCP...I'd like to be able to find the mac address of the client whenever a socket is connected. I know that mac addresses can be easily spoofed, but it's better than IP addresses which are nearly guaranteed to change :P

I'm sure it's got to be available somehow, since mac addresses are a key component to how TCP packets get to their destination, but I'm not sure if/how it may be exposed at the script level. I'm sure it'll take a DLL struct like the GetIP functions floating around on the forums, but I sure as heck don't know what!

Thanks

"There are 10 types of people in this world - those who can read binary, and those who can't.""We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true." ~Robert Wilensky0101101 1001010 1100001 1101101 1100101 1110011 0110011 1001101 10001110000101 0000111 0001000 0001110 0001101 0010010 1010110 0100001 1101110
Link to comment
Share on other sites
PsaltyDS Universalist

PsaltyDS

Posted
Posted

Hey all,

I'm trying to figure out a better method than IP addresses to try and uniquely identify client computers connected to my script via TCP...I'd like to be able to find the mac address of the client whenever a socket is connected. I know that mac addresses can be easily spoofed, but it's better than IP addresses which are nearly guaranteed to change :P

I'm sure it's got to be available somehow, since mac addresses are a key component to how TCP packets get to their destination, but I'm not sure if/how it may be exposed at the script level. I'm sure it'll take a DLL struct like the GetIP functions floating around on the forums, but I sure as heck don't know what!

Thanks

Run("arp -a " & @IPAddress1 & " > C:\Temp\ArpData.txt")

If you feel geeky, you could catch the output with $STDOUT_CHILD and StdOutRead().

:unsure:

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Link to comment
Share on other sites
james3mg Universalist

james3mg

Posted
  • Author
Posted (edited)

Run("arp -a " & @IPAddress1 & " > C:\Temp\ArpData.txt")

If you feel geeky, you could catch the output with $STDOUT_CHILD and StdOutRead().

:P

OK, never used ARP, so forgive me if I don't understand.

Let's say I run this script:

TCPStartup()
$ListenSocket=TCPListen("0.0.0.0",80)
While 1
  $socket=TCPAccept($ListenSocket)
  If $socket < 0 OR @error Then ContinueLoop
  $recv=""
  Do
    $tmp=StringLen($recv)
    $recv&=TCPRecv($socket,1024)
  Until $tmp=StringLen($recv) AND $tmp>0 AND StringRight($recv,1)=@LF
  ConsoleWrite($recv);proves the client is connected, has sent data, and is waiting for data to be sent back
  MsgBox(0,"hi","Script is paused...run arp!");stops the script in its' tracks so the client stays connected)
  TCPCloseSocket($socket)
WEnd

Now I navigate to http://localhost, or navigate to http://[ipaddress] from another machine on the network. When the message box pops up, I have an active TCP client connected through a socket. I want to find the mac address of this client, so I open up a commandline window and type "arp -a 10.1.1.100". I see, "No ARP entries found". If I just run "arp -a", I see a bunch of entries, but they all refer to stuff on MY machine, not the client's.

What am I doing wrong?

Edited by james3mg
"There are 10 types of people in this world - those who can read binary, and those who can't.""We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true." ~Robert Wilensky0101101 1001010 1100001 1101101 1100101 1110011 0110011 1001101 10001110000101 0000111 0001000 0001110 0001101 0010010 1010110 0100001 1101110
Link to comment
Share on other sites
PsaltyDS Universalist

PsaltyDS

Posted
Posted

OK, never used ARP, so forgive me if I don't understand.

Let's say I run this script: 

TCPStartup()
$ListenSocket=TCPListen("0.0.0.0",80)
While 1
  $socket=TCPAccept($ListenSocket)
  If $socket < 0 OR @error Then ContinueLoop
  $recv=""
  Do
    $tmp=StringLen($recv)
    $recv&=TCPRecv($socket,1024)
  Until $tmp=StringLen($recv) AND $tmp>0 AND StringRight($recv,1)=@LF
  ConsoleWrite($recv);proves the client is connected, has sent data, and is waiting for data to be sent back
  MsgBox(0,"hi","Script is paused...run arp!");stops the script in its' tracks so the client stays connected)
  TCPCloseSocket($socket)
WEnd

Now I navigate to http://localhost, or navigate to http://[ipaddress] from another machine on the network. When the message box pops up, I have an active TCP client connected through a socket. I want to find the mac address of this client, so I open up a commandline window and type "arp -a 10.1.1.100". I see, "No ARP entries found". If I just run "arp -a", I see a bunch of entries, but they all refer to stuff on MY machine, not the client's.

What am I doing wrong?

You need to run that on the machine you want the MAC address for. Alternatively, you could use WMI to connect remotely and pull the MAC from the remote interface object. Either way, you need perms to run something on the remote machine.

Now, this assumes the other machine is not on your local network segment (which it must not be if it didn't show up in your local ARP table). If you simply send an ARP request for the IP address, the MAC you get back will be from your router's gateway interface, because that is the next hop towards reaching the remote IP. You can't ignore all the other interfaces (ISP routers, etc.) between your computer and the remote, and just get the MAC on the remote machine with an ARP request.

Layer 2 addressing (MAC) is only intended for use within the local network segment. It is not meant to be "routed". That gets done by layer 3 (IP addressing).

:P

Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Link to comment
Share on other sites
james3mg Universalist

james3mg

Posted
  • Author
Posted

You need to run that on the machine you want the MAC address for. Alternatively, you could use WMI to connect remotely and pull the MAC from the remote interface object. Either way, you need perms to run something on the remote machine.

Now, this assumes the other machine is not on your local network segment (which it must not be if it didn't show up in your local ARP table). If you simply send an ARP request for the IP address, the MAC you get back will be from your router's gateway interface, because that is the next hop towards reaching the remote IP. You can't ignore all the other interfaces (ISP routers, etc.) between your computer and the remote, and just get the MAC on the remote machine with an ARP request.

Layer 2 addressing (MAC) is only intended for use within the local network segment. It is not meant to be "routed". That gets done by layer 3 (IP addressing).

:P

Hmmm...I must have had the wrong idea of mac addresses- I thought that was how TCP/IP traffic found the ultimate end point. What you say makes sense though. I'll look for something else :unsure:

Thanks

"There are 10 types of people in this world - those who can read binary, and those who can't.""We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true." ~Robert Wilensky0101101 1001010 1100001 1101101 1100101 1110011 0110011 1001101 10001110000101 0000111 0001000 0001110 0001101 0010010 1010110 0100001 1101110
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...