You're working on the command line and need to look up the vendor/manufacturer of a MAC address. Here's one way to do this. Make a request to the site macvendorlookup.com with curl, which dumps the response to stdout by default, like so:
curl --url www.macvendorlookup.com/api/v2/00:22:90:9d:d6:b9
[{"startHex":"002290000000","endHex":"002290FFFFFF","startDec":"148444807168","endDec":"148461584383","company":"CISCO SYSTEMS, INC.","addressL1":"170 W. TASMAN DRIVE","addressL2":"M\/S SJA-2","addressL3":"SAN JOSE CA 95134-1706","country":"UNITED STATES","type":"MA-L"}]
What if you need to find the MAC address of a host in the first place? tshark will do that.
tshark -n -r packets1.pcap -T fields -e ip.src -e eth.src -Y 'ip.addr == 10.10.1.1'
To see the IP and MAC addresses of the hosts your IP communicated with, just add those fields:
tshark -n -r packets1.pcap -T fields -e ip.src -e eth.src -e ip.dst -e eth.dst -Y 'ip.addr == 10.10.1.1'
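The two steps chained together offline, as an added example that is not from the original post: it de-duplicates the MACs in tshark's tab-separated field output, skips locally administered addresses (these are not vendor-assigned, so a lookup tells you nothing), and checks the response's startHex/endHex range before trusting the company field. The capture rows, the second MAC and all function names are constructed for illustration; the JSON is the response shown above, trimmed to the fields used.

```shell
#!/bin/sh
# Added example. Capture rows and the d2:... MAC are constructed sample data.

# Constructed stand-in for: tshark -n -r packets1.pcap -T fields -e ip.src -e eth.src
sample_tshark() {
    printf '10.10.1.1\t00:22:90:9d:d6:b9\n10.10.1.7\td2:11:4c:00:5e:01\n'
    printf '10.10.1.1\t00:22:90:9d:d6:b9\n'
}

# API response for 00:22:90:9d:d6:b9 from the page, trimmed to the fields used here.
SAMPLE_JSON='[{"startHex":"002290000000","endHex":"002290FFFFFF","company":"CISCO SYSTEMS, INC.","type":"MA-L"}]'

# Print each distinct MAC (column 2 of the tab-separated tshark output) once.
unique_macs() {
    awk -F'\t' 'NF >= 2 && $2 != "" && !seen[$2]++ { print $2 }'
}

# "local" if the locally-administered bit (0x02 of the first octet) is set,
# as on randomized or virtual MACs that are not vendor-assigned; else "global".
mac_class() {
    first=$(printf '%s' "$1" | cut -c1-2)
    if [ $(( 0x$first & 2 )) -ne 0 ]; then echo local; else echo global; fi
}

# Extract one string field from the flat, single-object JSON response.
json_field() {
    printf '%s' "$2" | sed -n "s/.*\"$1\":\"\([^\"]*\)\".*/\1/p"
}

# Print the company only if the MAC lies inside the response's startHex..endHex
# block; equal-length uppercase hex strings order correctly as plain text.
vendor_for() {
    hex=$(printf '%s' "$1" | tr -d ':' | tr 'a-f' 'A-F')
    if LC_ALL=C awk -v m="$hex" -v s="$(json_field startHex "$2")" \
        -v e="$(json_field endHex "$2")" \
        'BEGIN { exit !((m "") >= (s "") && (m "") <= (e "")) }'
    then json_field company "$2"; else echo unknown; fi
}

# In real use, fetch a response per global MAC with the curl request above.
report() {
    sample_tshark | unique_macs | while read -r mac; do
        if [ "$(mac_class "$mac")" = local ]; then
            echo "$mac locally-administered, no vendor lookup"
        else
            echo "$mac $(vendor_for "$mac" "$SAMPLE_JSON")"
        fi
    done
}
report
```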
Information, tools and how-to's for the new intrusion analyst. Mentoring by blogging.
Tuesday, November 11, 2014
Wednesday, November 5, 2014
Security Distros
There is a comprehensive list of security distros, both active and retired, at:
They also offer tutorials (http://www.securitydistro.com/security-distros),
a rather barebones tools page (http://www.securitydistro.com/security-tools)
and an events page (http://www.securitydistro.com/security-events).
Fyodor’s SecTools Top 125 is a much better page, in my opinion, for tools (http://sectools.org/).