[TriLUG] finding a MAC address
Greg Brown
gwbrown1 at gmail.com
Fri Aug 15 11:43:15 EDT 2008
Check the first 3 octets of the mac address, copy them and look up the
manufacture on the Internet. This will give you a start as you'll know who
made the card, unless someone was clever enough to overwrite their MAC
address.
Greg
On Fri, Aug 15, 2008 at 11:40 AM, Joseph Mack NA3T <jmack at wm7d.net> wrote:
> On Fri, 15 Aug 2008, Christopher L Merrill wrote:
>
> > Shawn Taylor wrote:
> >> How did you find out there was an issue?
> >
> > Our VOIP provider blacklisted us as a result of the alleged activity :(
>
> this is a layer 2 problem
>
> o there is no IP as shown by arp -a
>
> o the box is tftp'ing, presumably trying to get a kernel to
> boot from. What boxes have gone down (crashed) lately and
> are trying to reboot over ethernet? Do you have a deranged
> wap or other embedded box?
>
> layer 3 tools aren't going to do it. There are 2 different
> arping programs. The one based on iproute2 is a layer 3
> ping. The one by Habets
>
> http://www.habets.pp.se/synscan/programs.php?prog=arping
>
> has a layer 2 ping. If the device responds (apparently it
> doesn't have to), you can then start pulling ethernet cables
> till you find the offending box.
>
> Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
>
More information about the TriLUG
mailing list