Hack 39. Find Radio Manufacturers by MAC

Discover what sort of radio cards and laptops are in use on your local network.

If you've got a wireless network, you might be wondering about who is using your wireless network. Sure, you have their IP addresses [Hack #49], and their MAC addresses are easily found with a simple arp -an. But what kind of computers or network cards are they using?

The IEEE maintains the database of organizationally unique identifiers (OUI). These are the first 24 bits of the MAC address, parceled out to vendors who manufacture Ethernet devices. If you know the first three bytes of a MAC address, you can look up the device's manufacturer directly from the IEEE. There is a searchable database on the Web at http://standards.ieee.org/regauth/oui/index.shtml. Note that to use this service, you need to specify the OUI separated by hyphens, not colons (e.g., 00-02-2d, not 00:02:2d.).

2.18.1. The Code

Of course, this is handy for the occasional query, but what if you want to instantly see the manufacturer of all devices on your local subnet? Just after performing a broadcast ping [Hack #49], try the Perl script in Example 2-3.

Example 2-3. machine.pl, which uses arp and the IEEE database to identify network cards

#!/usr/bin/perl

my %cards;
my %ips;

open(ARP,"arp -an|") || die "Couldn't open arp table: $!
";

print "Looking up OUIs.";
while() {
 chomp;
 my $addr = $_;
 my $ip = $_;
 $addr =~ s/.* ([dw]+:[dw]+:[dw]+):.*/$1/;
 $addr =~ s/([dw])/0$1/g;
 $addr =~ s/:/-/g;
 next unless $addr =~ /..-..-../;
 
 $ip =~ s/.*?(d+.d+.d+.d+).*/$1/;
 print ".";
 $cards{$addr}||=`curl -sd 'x=$addr' http://standards.ieee.org/cgi-bin/
ouisearch`;
 ($cards{$addr} =~ /Sorry!/) && ($cards{$addr} = "Unknown OUI: $addr");
 $ips{$ip} = $addr;
}
print "
";
for(keys(%ips)) {
 $cards{$ips{$_}} =~ s/.*.hex.s+([ws,.]+)
.*/$1/s;
 print "$_ -> $cards{$ips{$_}}
";
}

This script works well on Linux, Mac OS X, and BSD. It requires only Perl and the cURL network utility (http://curl.sourceforge.net), and it assumes that the arp utility is in your path. For efficiency's sake, it queries the IEEE only once for each OUI it encounters.

2.18.2. Running the Hack

Save the code to a file called machines.pl and invoke it from the command line, where it will produce output somewhat like this:

$ perl machines.pl

		 Looking up OUIs………
		 10.15.6.98 -> Compaq Computer Corporation
		 10.15.6.44 -> Aironet Wireless Communication
		 10.15.6.64 -> Aironet Wireless Communication
		 10.15.6.49 -> APPLE COMPUTER, INC.
		 10.15.6.75 -> Netgear, Inc.
		 10.15.6.87 -> APPLE COMPUTER, INC.
		 10.15.6.62 -> Senao International Co., Ltd.	

This node has a Compaq card, two Cisco Aironet cards, two Apple AirPorts, a Netgear card, and a Senao card associated with it. This quickly gives you some idea of the demographic of your wireless users; plotted over time, it might show some interesting trends.

Some vendors are not listed in the OUI database, but the vast majority are. Some vendors are listed under the name of a subsidiary company (frequently from Taiwan), which can be misleading. But for an informal poll of who is using your wireless network, this script can be quite illuminating.


Bluetooth, Mobile Phones, and GPS

Network Discovery and Monitoring

Wireless Security

Hardware Hacks

Software Hacks

Do-It-Yourself Antennas

Wireless Network Design

Appendix A. Wireless Standards

Appendix B. Wireless Hardware Guide



Wireless Hacks
Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network
ISBN: 0596101449
EAN: 2147483647
Year: 2004
Pages: 178

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net