Discover what sort of radio cards and laptops are in use on your local network.
If you've got a wireless network, you might be wondering about who is using your wireless network. Sure, you have their IP addresses [Hack #49], and their MAC addresses are easily found with a simple arp -an. But what kind of computers or network cards are they using?
The IEEE maintains the database of organizationally unique identifiers (OUI). These are the first 24 bits of the MAC address, parceled out to vendors who manufacture Ethernet devices. If you know the first three bytes of a MAC address, you can look up the device's manufacturer directly from the IEEE. There is a searchable database on the Web at http://standards.ieee.org/regauth/oui/index.shtml. Note that to use this service, you need to specify the OUI separated by hyphens, not colons (e.g., 00-02-2d, not 00:02:2d.).
2.18.1. The Code
Of course, this is handy for the occasional query, but what if you want to instantly see the manufacturer of all devices on your local subnet? Just after performing a broadcast ping [Hack #49], try the Perl script in Example 2-3.
Example 2-3. machine.pl, which uses arp and the IEEE database to identify network cards
#!/usr/bin/perl my %cards; my %ips; open(ARP,"arp -an|") || die "Couldn't open arp table: $! "; print "Looking up OUIs."; while() { chomp; my $addr = $_; my $ip = $_; $addr =~ s/.* ([dw]+:[dw]+:[dw]+):.*/$1/; $addr =~ s/([dw])/0$1/g; $addr =~ s/:/-/g; next unless $addr =~ /..-..-../; $ip =~ s/.*?(d+.d+.d+.d+).*/$1/; print "."; $cards{$addr}||=`curl -sd 'x=$addr' http://standards.ieee.org/cgi-bin/ ouisearch`; ($cards{$addr} =~ /Sorry!/) && ($cards{$addr} = "Unknown OUI: $addr"); $ips{$ip} = $addr; } print " "; for(keys(%ips)) { $cards{$ips{$_}} =~ s/.*.hex.s+([ws,.]+) .*/$1/s; print "$_ -> $cards{$ips{$_}} "; }
This script works well on Linux, Mac OS X, and BSD. It requires only Perl and the cURL network utility (http://curl.sourceforge.net), and it assumes that the arp utility is in your path. For efficiency's sake, it queries the IEEE only once for each OUI it encounters.
2.18.2. Running the Hack
Save the code to a file called machines.pl and invoke it from the command line, where it will produce output somewhat like this:
$ perl machines.pl Looking up OUIs……… 10.15.6.98 -> Compaq Computer Corporation 10.15.6.44 -> Aironet Wireless Communication 10.15.6.64 -> Aironet Wireless Communication 10.15.6.49 -> APPLE COMPUTER, INC. 10.15.6.75 -> Netgear, Inc. 10.15.6.87 -> APPLE COMPUTER, INC. 10.15.6.62 -> Senao International Co., Ltd.
This node has a Compaq card, two Cisco Aironet cards, two Apple AirPorts, a Netgear card, and a Senao card associated with it. This quickly gives you some idea of the demographic of your wireless users; plotted over time, it might show some interesting trends.
Some vendors are not listed in the OUI database, but the vast majority are. Some vendors are listed under the name of a subsidiary company (frequently from Taiwan), which can be misleading. But for an informal poll of who is using your wireless network, this script can be quite illuminating.
Bluetooth, Mobile Phones, and GPS
Network Discovery and Monitoring
Wireless Security
Hardware Hacks
Software Hacks
Do-It-Yourself Antennas
Wireless Network Design
Appendix A. Wireless Standards
Appendix B. Wireless Hardware Guide