Tuesday, November 11, 2014

MAC Address Lookup

You're working in the command line and need to look up the vendor/manufacturer of a MAC address. Here's one way to do this. Make a request to the site macvendorlookup.com with curl, which dumps the response to stdout, like so:

curl --url www.macvendorlookup.com/api/v2/00:22:90:9d:d6:b9

[{"startHex":"002290000000","endHex":"002290FFFFFF","startDec":"148444807168","endDec":"148461584383","company":"CISCO SYSTEMS, INC.","addressL1":"170 W. TASMAN DRIVE","addressL2":"M\/S SJA-2","addressL3":"SAN JOSE CA 95134-1706","country":"UNITED STATES","type":"MA-L"}]

What if you need to find the MAC addresses of a host in the first place? tshark will do that.

tshark -n -r packets1.pcap -T fields -e ip.src -e eth.src -Y 'ip.addr =='

To see the IPs and MAC addresses of the hosts your IP communicated with, just add those fields:

tshark -n -r packets1.pcap -T fields -e ip.src -e eth.src -e ip.dst -e eth.dst -Y 'ip.addr =='
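An added example (not from the original post): a Python script that ties the two steps together offline, deduplicating tshark's field output into hosts and matching each MAC against cached API records by their startHex/endHex range. The tshark sample lines and all function names are constructed for illustration; only the Cisco record comes from the response shown above.

```python
import json

# One record from the API response shown in the post, trimmed to the fields used here.
API_RESPONSE = ('[{"startHex":"002290000000","endHex":"002290FFFFFF",'
                '"company":"CISCO SYSTEMS, INC.","type":"MA-L"}]')

# Constructed sample of `tshark -T fields -e ip.src -e eth.src` output (tab-separated).
TSHARK_OUTPUT = (
    "192.0.2.10\t00:22:90:9d:d6:b9\n"
    "192.0.2.10\t00:22:90:9d:d6:b9\n"            # duplicate packet, same host
    "192.0.2.1,192.0.2.10\t00:22:90:00:00:01\n"  # ICMP error: outer and quoted IP header
    "192.0.2.77\t3a:5f:11:c0:ff:ee\n"            # randomized / locally administered MAC
    "192.0.2.23\tf0:00:00:12:34:56\n"            # no matching record in this sample
)

def mac_to_int(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-.. or aabb.ccdd.eeff; return a 48-bit integer."""
    digits = "".join(c for c in mac if c not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int(digits, 16)

def vendor_for(mac, records):
    """Classify a MAC against records shaped like the API response."""
    value = mac_to_int(mac)
    if (value >> 40) & 0x02:
        # Locally administered bit set: VM or randomized address, no registered vendor.
        return "locally administered"
    for rec in records:
        if int(rec["startHex"], 16) <= value <= int(rec["endHex"], 16):
            return rec["company"]
    return "unknown"

def label_hosts(text, records):
    """Return unique (ip, mac, vendor) rows in first-seen order."""
    rows = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 2 or not all(fields):
            continue  # frame without an IP layer leaves a field empty
        # tshark joins repeated fields with ","; the first value is the outer header.
        ip, mac = fields[0].split(",")[0], fields[1].split(",")[0].lower()
        rows.setdefault((ip, mac), vendor_for(mac, records))
    return [(ip, mac, vendor) for (ip, mac), vendor in rows.items()]

if __name__ == "__main__":
    for row in label_hosts(TSHARK_OUTPUT, json.loads(API_RESPONSE)):
        print(*row, sep="\t")
```

Caching the records locally means each OUI is sent to the lookup site once rather than once per packet, and addresses with the locally administered bit set are skipped because they have no vendor registration to find.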

