This is a CL util I wrote (in C) a long time ago, but update with the latest OUI every year or so. It scans a subnet via ARP WhoHas and spits out the IP address, MAC address, name (DNS falling back to NetBIOS if it can) and MAC Vendor. Ouputs in CSV.
It's dual-use technology of the mild kind e.g. a nix/bsd equivalent might get run as part of the initial information gathering phase of a on-site pen-test. That's because ARP tends to get responses when ping is firewalled and the vendor name can sometimes be be enough to tell you exactly what kind of device is sitting at some IP address.
I use it now and again when I'm in a hurry to legitimately understand what's kicking about on someone else's network. YMMV, but it *might* be helpful if you want to track down the odd rogue machine or IP address conflict.
Just run without a command line argument for the usage. Remember this uses ARP so don't bother scanning any IP addresses that are not part of the host machine's subnet(s).
Last edited by PiqueABoo; 1st March 2008 at 08:19 PM.
Thanks for this. Looks like it could be useful
There is another little app, Colasoft Mac Scanner that does the same sorta thing... version 1 is freeware and looks up MAC/IP addresses, hostnames and NIC vendors... version 2 does more stuff but isn't free....
Great little utility - I especially like the clue it gives to you as to what sort of device is using the IP address
There are currently 1 users browsing this thread. (0 members and 1 guests)