Ethereal-users: Re: [Ethereal-users] Resolve MAC addresses

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Jerry W. Lundy" <jwlundy@xxxxxxxxx>
Date: Thu, 24 Jan 2002 15:04:54 -0600
Greetings.

I have no suggestions for Win32 utilities. Sorry.

Under FreeBSD the utility arping can send an ICMP echo to a MAC address
on a locally attached network. 

We also run arpwatch on critical subnets to provide historical MAC
information (over a year's worth). This is very useful for tracking the
changes in a MAC's IP address over time. This provides us with
sufficient information for any additional investigative scanning we may
perform. The arpwatch databases from individual subnets can be merged to
track a computer's wanderings across subnets as well. 

No solution works in all cases: some boxes grab an IP address with no
relation to the logical network configuration. As such, they may not be
able to reply due to a percieved lack of routes. (They should still show
up in an arpwatch database, however.)

Cheers,

Jerry Lundy