Options
Find IP address via MAC address (RARP)?
nimrod.sixty9
Banned Posts: 125 ■□□□□□□□□□
in Off-Topic
Today I was changing a port on a 2950 to another VLAN. This VLAN is quite locked down, so it came as a surprise that someone is already using that VLAN on that switch. I want to be able to find out who. If I can just get the IP, I can use nslookup and get the DNS, from there I can use AD. I prefer not to use any third party app if at all possible. TIA
Comments
-
Optionsundomiel Member Posts: 2,818Ping the broadcast address and do an arp -a, that should get you a list address to comb through.Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
-
OptionsGT-Rob Member Posts: 1,090If you have a router on that network (the gateway?), it should be in the arp table. Get the mac from the access switch (show mac-add int fa1/0/1), then look for that mac in the arp table (sh arp | inc 0000.1234.1234).
Or put your computer in that vlan if you can and do like above. -
Optionsdemonfurbie Member Posts: 1,819you can use nmap to scan a range of ips.. just scan them all and then you get a list
if its the only person on that vlan you should be able to narrow it down quicklywgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers: -
OptionsDevilsbane Member Posts: 4,214 ■■■■■■■■□□Ping the broadcast address and do an arp -a, that should get you a list address to comb through.
I didn't think you could ping a broadcast.Decide what to be and go be it. -
Optionsnimrod.sixty9 Banned Posts: 125 ■□□□□□□□□□I get 'Destination specified in invalid'. Arp table just shows the gateway.
I do not have access to the router so that one is out.
Looks like Ill have to do NMAP -
Optionsnimrod.sixty9 Banned Posts: 125 ■□□□□□□□□□Devilsbane wrote: »I didn't think you could ping a broadcast.
Guess thats why I get the above error lol -
Optionsdemonfurbie Member Posts: 1,819you could also use
Ping Range - Free software downloads and software reviews - CNET Downloads
has a nice gui
nmap is mostly command linewgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers: -
Optionsccnxjr Member Posts: 304 ■■■□□□□□□□was that IP adddress assigned through DHCP?
If so you maybe able to scan your dhcp leases for a matching IP.
Not sure if this was in a cisco works utility?
can you do
router#sh ip dhcp binding
or search your DHCP leases on your DHCP server? -
OptionsForsaken_GA Member Posts: 4,024If you have a router on that network (the gateway?), it should be in the arp table. Get the mac from the access switch (show mac-add int fa1/0/1), then look for that mac in the arp table (sh arp | inc 0000.1234.1234).
Or put your computer in that vlan if you can and do like above.
Rob has the right of it. You should just be able to check the router.
However, I'm curious if there's an issue here at all. Did you actually verify there was a port up in that vlan on the switch? All you said was that the vlan was already active on the switch, not that there was a port active.
If this switch acts as a transit path for that vlan in anyway, then the vlan has to be defined on the switch so traffic can pass on it's trunks. By the same token, if the vlan is active, and there's no actually an live port in that vlan on that switch, you're chasing ghosts. -
Optionsnimrod.sixty9 Banned Posts: 125 ■□□□□□□□□□Forsaken_GA wrote: »Rob has the right of it. You should just be able to check the router.
However, I'm curious if there's an issue here at all. Did you actually verify there was a port up in that vlan on the switch? All you said was that the vlan was already active on the switch, not that there was a port active.
If this switch acts as a transit path for that vlan in anyway, then the vlan has to be defined on the switch so traffic can pass on it's trunks. By the same token, if the vlan is active, and there's no actually an live port in that vlan on that switch, you're chasing ghosts.
Yes, I verified that the port is up. Didnt realize my wording was incomplete. VLAN is defined on the switch and the port is live. Set the one up today and its working great.
Again, I do not have access to the router so I cant go that route... I will check out NMAP soon; could also be useful for PCI compliance. -
Optionsnimrod.sixty9 Banned Posts: 125 ■□□□□□□□□□demonfurbie wrote: »you could also use
Ping Range - Free software downloads and software reviews - CNET Downloads
has a nice gui
nmap is mostly command line
Thank for the recommendation. NMAP is quite widely used so I think Ill stick to that. -
Optionsdemonfurbie Member Posts: 1,819nimrod.sixty9 wrote: »Thank for the recommendation. NMAP is quite widely used so I think Ill stick to that.
yea i use nmap but some people like optionswgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers: -
Optionsundomiel Member Posts: 2,818Devilsbane wrote: »I didn't think you could ping a broadcast.
You can though you may or may not receive a response depending upon the rules configured for that network.Jumping on the IT blogging band wagon -- http://www.jefferyland.com/ -
OptionsMentholMoose Member Posts: 1,525 ■■■■■■■■□□If you can't find the IP you can at least get an idea of what the device is from the MAC address by checking the company it's registered to.
http://standards.ieee.org/develop/regauth/oui/oui.txtMentholMoose
MCSA 2003, LFCS, LFCE (expired), VCP6-DCV -
OptionsForsaken_GA Member Posts: 4,024nimrod.sixty9 wrote: »Yes, I verified that the port is up. Didnt realize my wording was incomplete. VLAN is defined on the switch and the port is live. Set the one up today and its working great.
Again, I do not have access to the router so I cant go that route... I will check out NMAP soon; could also be useful for PCI compliance.
Someone has access to the router. Is it really that difficult to get ahold of them, give them the mac address, and then ask them to give you the IP?
For that matter, if you know which physical port it's on, do you not have a wiring map showing where that port physically terminates? Or is there at least a description on the interface that may identify it?
If the answer to all of these questions is no, whoever manages your internal network needs a kick in the ass -
OptionsCompuTron99 Member Posts: 542Just do what my manager does... Shut down the port and see who yells.
-
Optionsnimrod.sixty9 Banned Posts: 125 ■□□□□□□□□□You can though you may or may not receive a response depending upon the rules configured for that network.
Looks like we are configured to not allow this.MentholMoose wrote: »If you can't find the IP you can at least get an idea of what the device is from the MAC address by checking the company it's registered to.
http://standards.ieee.org/develop/regauth/oui/oui.txt
Unfortunately we are standardized, so they will all be the same LOLForsaken_GA wrote: »Someone has access to the router. Is it really that difficult to get ahold of them, give them the mac address, and then ask them to give you the IP?
For that matter, if you know which physical port it's on, do you not have a wiring map showing where that port physically terminates? Or is there at least a description on the interface that may identify it?
If the answer to all of these questions is no, whoever manages your internal network needs a kick in the ass
Yes, he is extreamly busy. I was just looking to do this on my own. I have recently made a full visio lay out of all of our property with all jacks and numbers. Still have to add switches but too much of a mess to add on what is actually patched. Maybe Ill work on that part in the future. I manage the internal network, Im still here all by my lonesome. A lot has dropped on me and this is me trying to keep us up and moving forward.CompuTron99 wrote: »Just do what my manager does... Shut down the port and see who yells.
Halarious, I could do this if I wasnt so worried about the damned port coming back up. Damned glitchy port security! -
Optionsnimrod.sixty9 Banned Posts: 125 ■□□□□□□□□□demonfurbie wrote: »you could also use
Ping Range - Free software downloads and software reviews - CNET Downloads
has a nice gui
nmap is mostly command line
You sir, are full of awesome. I decided to give it a try and I absolutely love it. Found it in seconds. On top of that I now have a nice CSV of all MAC addresses with DNS names, excellent for wake on LAN. -
Optionspeter_ivanov Registered Users Posts: 1 ■□□□□□□□□□This tool scan network and lists IP/MAC addresses and other information for every connected network device: Trogon MAC Scanner
Can save scan results into the txt, csv, xml -
Optionschopsticks Member Posts: 389I thought it might be a good idea to get approval from your management first before you do mass port scan on your company networks. In some instances, it may be even illegal to do so without first obtaining an approval. Just my two-cent.
-
Optionsnimrod.sixty9 Banned Posts: 125 ■□□□□□□□□□chopsticks wrote: »I thought it might be a good idea to get approval from your management first before you do mass port scan on your company networks. In some instances, it may be even illegal to do so without first obtaining an approval. Just my two-cent.
Im not doing port scans. Just one single ping. And I am the Management for right now...