
If you just joined us from the last
hack [Hack #26], you might be wondering
about who is using your wireless network. Sure, you have their IP
addresses, and their MAC addresses are easily found with a simple
arp -an. But what kind
of computers are they using?
The IEEE maintains the database of
Organizationally Unique
Identifiers (OUI).
These are the first 24 bits of the MAC address, parceled out to
vendors who manufacture Ethernet devices. If you know the first three
bytes of a MAC address, you can look up the device's
manufacturer directly from the IEEE. There is a searchable database
on the Web at http://standards.ieee.org/regauth/oui/index.shtml.
Note that to use this service, you need to specify the OUI separated
by hyphens, not colons (e.g., 00-02-2d, not 00:02:2d).
Running the Hack
Save the code to a file called machines.pl and
invoke it from the command line, producing output somewhat like the
following:
rob@florian:~$ perl machines.pl
Looking up OUIs.........
10.15.6.98 -> Compaq Computer Corporation
10.15.6.44 -> Aironet Wireless Communication
10.15.6.64 -> Aironet Wireless Communication
10.15.6.49 -> APPLE COMPUTER, INC.
10.15.6.75 -> Netgear, Inc.
10.15.6.87 -> APPLE COMPUTER, INC.
10.15.6.62 -> Senao International Co., Ltd.
This node has a Compaq card, two Cisco Aironet cards, two Apple
AirPorts, a Netgear, and a Senao card associated with it. This
quickly gives you some idea of the demographic of your wireless
users; plotted over time, it might show some interesting trends.
Some vendors are not listed in the OUI database, but the vast
majority are. Some vendors are listed under the name of a subsidiary
company (frequently from Taiwan), which can be misleading. But for an
informal poll of just who is using your wireless network, this script
can be quite illuminating.
The Code
Of course,
this is handy for the occasional query, but what if you want to
instantly see the manufacturer of all devices on your local subnet?
Just after performing a broadcast ping [Hack #26], try this bit of Perl:

#!/usr/bin/perl
use strict;

my %cards;   # OUI -> raw IEEE response, later reduced to the vendor name
my %ips;     # IP address -> OUI

open(ARP, "arp -an|") || die "Couldn't open arp table: $!\n";
print "Looking up OUIs.";
while (<ARP>) {
    chomp;
    my $addr = $_;
    my $ip = $_;
    # Keep the first three octets of the MAC, zero-pad them, and hyphenate
    $addr =~ s/.* ([\d\w]+:[\d\w]+:[\d\w]+):.*/$1/;
    $addr =~ s/\b([\d\w])\b/0$1/g;
    $addr =~ s/:/-/g;
    # $addr is interpolated into a shell command below, so accept only xx-xx-xx hex
    next unless $addr =~ /^[0-9a-f]{2}-[0-9a-f]{2}-[0-9a-f]{2}$/i;
    $ip =~ s/.*?(\d+\.\d+\.\d+\.\d+).*/$1/;
    print ".";
    $cards{$addr} ||= `curl -sd 'x=$addr' http://standards.ieee.org/cgi-bin/ouisearch`;
    ($cards{$addr} =~ /Sorry!/) && ($cards{$addr} = "Unknown OUI: $addr");
    $ips{$ip} = $addr;
}
close(ARP);
print "\n";
for (keys(%ips)) {
    # Reduce the response to the vendor name; '-' is allowed in the name
    $cards{$ips{$_}} =~ s/.*.hex.\s+([\w\s\,\.-]+)\n.*/$1/s;
    print "$_ -> $cards{$ips{$_}}\n";
}
This script works well on Linux, Mac OS X, and BSD. It requires only
Perl and the curl network utility (http://curl.sourceforge.net/), and it assumes
that the arp utility is in your PATH. For
efficiency's sake, it queries the IEEE only once for
each OUI it encounters.
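The same lookup done offline, as an added example in Python (not code from the book or its commenters): it parses arp -an lines in both the Linux and BSD/Mac OS X layouts, accepts only a complete MAC address, and resolves the OUI against a local table instead of calling curl once per vendor. The sample ARP lines, the vendor names, the function names and the locally saved registry text in the "(hex)" line layout are assumptions constructed for illustration; flagging locally administered addresses, which have no IEEE vendor assignment, goes one step beyond the original script.

```python
import re

# Constructed sample in the "(hex)" line layout the Perl regex above expects;
# vendor names are placeholders, not real IEEE assignments.
SAMPLE_OUI_TXT = """\
00-02-2D   (hex)\t\tExample Wireless Corp.
00-30-65   (hex)\t\tExample Computer, Inc.
"""

# Constructed `arp -an` lines: Linux style, BSD/Mac OS X style (leading zeros
# dropped), an incomplete entry, and a locally administered address.
SAMPLE_ARP = """\
? (10.15.6.44) at 00:02:2d:1a:2b:3c [ether] on eth0
? (10.15.6.49) at 0:30:65:a:b:c on en1 ifscope [ethernet]
? (10.15.6.50) at <incomplete> on eth0
? (10.15.6.51) at 3a:11:22:33:44:55 [ether] on eth0
"""

ARP_RE = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"((?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})\b")
OUI_RE = re.compile(
    r"^([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2})\s+\(hex\)\s+(.+?)\s*$", re.M)

def load_oui(text):
    """Map 'XX-XX-XX' -> vendor name from "(hex)" lines."""
    return dict(OUI_RE.findall(text))

def parse_arp(text):
    """Yield (ip, oui) with the OUI zero-padded, upper-cased, hyphenated."""
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:  # skips <incomplete> and anything that is not a full MAC
            octets = [o.zfill(2).upper() for o in m.group(2).split(":")]
            yield m.group(1), "-".join(octets[:3])

def vendors(arp_text, oui_text):
    """Return {ip: vendor}, looking each OUI up in the local table."""
    table = load_oui(oui_text)
    result = {}
    for ip, oui in parse_arp(arp_text):
        if int(oui[:2], 16) & 0x02:  # locally administered: no IEEE assignment
            result[ip] = "Locally administered: " + oui
        else:
            result[ip] = table.get(oui, "Unknown OUI: " + oui)
    return result

if __name__ == "__main__":
    for ip, vendor in vendors(SAMPLE_ARP, SAMPLE_OUI_TXT).items():
        print(ip, "->", vendor)
```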
corrected version
2006-07-15 19:39:51
willc2
#!/usr/bin/perl
my %cards;
my %ips;
open(ARP,"arp -an|") || die "Couldn't open arp table: $!\n";
print "Looking up OUIs.";
while(<ARP>) {
    chomp;
    my $addr = $_;
    my $ip = $_;
    $addr =~ s/.* ([\d\w]+:[\d\w]+:[\d\w]+):.*/$1/;
    $addr =~ s/\b([\d\w])\b/0$1/g;
    $addr =~ s/:/-/g;
    next unless $addr =~ /..-..-../;
    $ip =~ s/.*?(\d+\.\d+\.\d+\.\d+).*/$1/;
    print ".";
    $cards{$addr}||=`curl -sd 'x=$addr' http://standards.ieee.org/cgi-bin/ouisearch`;
    ($cards{$addr} =~ /Sorry!/) && ($cards{$addr} = "Unknown OUI: $addr");
    $ips{$ip} = $addr;
}
print "\n";
for(keys(%ips)) {
    $cards{$ips{$_}} =~ s/.*.hex.\s+([\w\s\,\.-]+)\n.*/$1/s;
    print "$_ -> $cards{$ips{$_}}\n";
}