ping the IP of the network device, then check your ARP cache. if the IP<->MAC mapping is present then you are in the same broadcast domain as the network device and the MAC address is relevant. if the IP<->MAC mapping is not present in your ARP cache then you are in a different broadcast domain than the network device and the MAC is unavailable (through any direct means).

if the network device is wireless then you will not be able to determine the MAC nor the IP of the access point through any direct means.

you may have access to indirect means like SNMP. then anything is possible but you need the right passwords for the access points.

if you have the IP of a network device and the passwords to the access points (and a list of the access points) then you can query the access point for the IP<->MAC mapping of all current connections (by IP or MAC). query each access point untill you find the IP/MAC you are interested in.

depending on the access point and it's SNMP funcionality you may find the information in different places and have to find the right little bit.

# on an Enterasys R2 AP it goes a bit like this.

sub mac2oid { join '.', map {hex} split ':', $_[0] }

my $macoid = mac2oid( '0:de:ad:be:ee:ef' );

my ($ifoid) = qw( .1.3.6.1.2.1.17.7.1.2.2.1.2.1 );
my ($howoid)= qw( .1.3.6.1.2.1.17.7.1.2.2.1.3.1 );

my $gets = [
        [ $ifoid, $macoid ],
        [ $howoid, $macoid ],
];

use SNMP;

...

# $session->get( $gets );   # i have an async module that
                            # scatters the gets across a
                            # list of access points that
                            # won't fit in this margin.

my $interface = $gets->[0]->[2];
my $how       = $gets->[1]->[2];

if ( $interface & 0x6 and $how = 3 ) {
  # on this switch the MAC has been seen
  # on the wireless interface (over the radio)
  # and was learned automatically (vs learned from mgmt
  #  or learned from a filer)

  # found which AP the MAC was on!
  # do something
}

[download]

in my case i always can find the MAC of the network device in question, then i query all of the access points looking for the one (or more) that have seen that MAC address on their radio interface (vs seeing the MAC on their wired interface). this gets me which access points the network device is using.

my next step is usually to add them to the filter on the access point to deny them wireless access. (MuAhahah)

In reply to Re: Getting MAC Adress from wireless device and access point by zengargoyle
in thread Getting MAC Adress from wireless device and access point by alzhaimer

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.