in reply to mac to IP address?

If I take your question at face value I have to answer "NO" and say that there is no mapping of MAC address ==> IP address in the strictest sense of the wording. A MAC address is a hardware address usually assigned by a manufacturer (on some hardware you can set all or some of the MAC address in the field but I believe that has been depricated in most cases) and an IP address is assigned by a system or network administrator.

On the other hand, depending your OS you can to a very limited degree find a matching IP address for a given MAC and let me iterate some of the methods I would pursue:

ARP Caches

Mentioned elsewere in this thread is the concept of using an APR cache to lookup a hardware address and map it to an IP address. Let me look at two approaches for that:

Local ARP

On a *NIX system you can run a command called arp with the -a and it will dump the system's ARP cache to stdout. On my Linux box at home I get this kind of result from the command line: 
$ /sbin/arp -a
router.isp.net  (168.239.116.1) at 00:01:5C:22:3C:42 [ether] on eth0

[download]
Note:IP addresses and names been changed to protect me!
If I wrte a Perl script to parse that I can map the ARP address  00:01:5C:22:3C:42 to it's associated IP address trivially.

The HUGE disadvantage this method has is only the ARP addresses for my local subnet are valid. If a host on the other side of the router from me then what is mapped into the ARP cache for a given IP address is the MAC address of the router. Not much help is it?

Other ARP caches

Another scheme would be to look at the ARP caches of every network device on my network and check it's ARP cache weeding out MAC addresses belonging to network devices.

In point of fact I wrote something called routerWalk several years ago that does just that. It logs onto the first router it sees, dumps its ARP cache, sifts through it and compares it to the routing table to determine which MAC addresses are valid and which belong to routers and stores the reesult. I wrote this in order to validate data stored in our IP Management system (QIP) and find unregistered hosts.

For that application that approach worked well but to do this every time you run a script that wants to reference that data would be impractical and a major PITA as well as not exactly a good way to make friends with your network operation folks.

Databases

Rarely actually populated but still do exist are the /etc/ethers files as well as the network distributed forms of them through NIS, NIS+ or whatever. If you have those available to you, use them.

In my environment I can actually query for that information against my QIP database and solve the problem that way.

Enjoy!

Peter L. Berghold -- Unix Professional
Peter at Berghold dot Net
   Dog trainer, dog agility exhibitor, brewer of fine Belgian style ales. Happiness is a warm, tired, contented dog curled up at your side and a good Belgian ale in your chalice.

Replies are listed 'Best First'.
Re: Re: mac to IP address?
by iburrell (Chaplain) on Jan 27, 2004 at 01:57 UTC
    There is another choice to get the MAC to IP address mappings. I have heard of a utility called arpwatch. It is a daemon that listens to the network and records all the ARP packets it sees. Since ARP is broadcast, the daemon can get a pretty good view of all the mappings on the local subnet. I know arpwatch comes with some Linux distributions.
[reply]

          I have heard of a utility called arpwatch. It is a daemon


          I know arpwatch comes with some Linux distributions.

      I thought of arpwatch but dismissed it for two reasons:

      1. It does not come "standard" everywhere which in my mind is a minor reason to not include it.
      2. Because as you pointed out it is a daemon and not a CLI utility (IIRC) it isn't much use to a Perl programmer.

      There are other utilities as well such as tcpdump and snoop but I think they aren't what the OP had in mind either.

      If what you are after is to take an ETHERNET address and convert it to an IP address "right now" then none of the utilites such as snoop, arpwatch or tcpdump are going to be of much use.

      Peter L. Berghold -- Unix Professional
      Peter at Berghold dot Net
         Dog trainer, dog agility exhibitor, brewer of fine Belgian style ales. Happiness is a warm, tired, contented dog curled up at your side and a good Belgian ale in your chalice.
[reply]

In Section Seekers of Perl Wisdom