Re: [fw-wiz] How to find hidden host within LAN

From: "Avishai Wool" <yash@xxxxxxx>
Date: Sun, 25 Nov 2007 22:12:04 +0200

The problem is that i'm not able to
identify this host within my LAN:
I can see his IP address (192.168.x.
y) and i can find his mac address througth ARP, but i can't ping it and

if you ping do you get something like "host unknown" (means ethernet
can't find the MAC) or or just no answer (he may have a firewall
dropping icmp) ?

there is no host within my lan with this Mac address.

that you know of...
FYI, changing MAC addresses is pretty easy, and if the host is a VM
then the internal MAC is totally emulated and software based...

I can't
traceroute it.
Can someone help me to find this hidden host?

I assume you don't have a fancy switch that lets you trace ethernet ports...

if he keeps transmitting, you can try the old "binary search": it's
disruptive but will work disconnect half your net and check which "side"
he's on. Repeat recursively ...

if your switch is not very dumb, and does not blindly forward every packet
on every port, you may be able to use a sniffer (ethereal) on different sides
of the switch to see where he's coming from(?)

Have fun,
Avishai

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

--
Avishai Wool, Ph.D., Co-founder and Chief Technical Officer
http://www.algosec.com
******* Firewall Management Made Smarter ******
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

References:
- [fw-wiz] How to find hidden host within LAN
  - From: desant1@xxxxxx

Prev by Date: Re: [fw-wiz] Cisco firewall appliance choice
Next by Date: Re: [fw-wiz] Firewalls that generate new packets..
Previous by thread: Re: [fw-wiz] How to find hidden host within LAN
Next by thread: [fw-wiz] Cisco firewall appliance choice
Index(es):
- Date
- Thread

Relevant Pages

Re: Ping and ARP on both Win and Linux in Python
... know their MAC addresses to do a list that contains host name, ... The first idea it's to ping all ip, parse the response and then execute ... Another way it's to open the main page of the switch and parse the HTML ... There are several Ping /ICMP implentations in Python. ...
(comp.lang.python)
RE: mac to ip address tools
... Say host A on your net is trying to communicate with host B. Host A ... needs to know the MAC address for host B (or the MAC address for the ... ARP replies are no good for you - those are ... About 100 machines using the same MAC address: ...
(Pen-Test)
Re: Sharing from Mac to PC on LAN
... sharing data bases in FileMaker is quick and easy .... ... my connection to the internet is on the Mac and I have ... The privileges for the folder with the databases has been set to no ... The PC is "seeing" the host MAC every time. ...
(comp.databases.filemaker)
RE: mac to ip address tools
... a linux/unix system so ymmv if you're on a windows host. ... specific MAC or the MAC from a particular vendor, ... Up to 75% of cyber attacks are launched on shopping ... >>your website for vulnerabilities to SQL injection, ...
(Pen-Test)
Re: [fw-wiz] How to find hidden host within LAN
... there is no host within my lan with this Mac address. ... Tho you said it doesn't ping, ...
(Firewall-Wizards)