• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

tracking down anon user

S

skisteven1

Senior member
Given someone's IP, what's the best way to find their MAC address? I have windows XP, and knoppix available (incl ettercap, but I don't really know how to use it). I can put myself on the same subnet, but likely not behind the same switch. Host does not respond to ping and/or portscan (once it responded with port 80 open, so i'd imagine it's up, just firewalled).

Suggestions?

background:> Someone sent an anonymous email on my "behalf" from my building. I've got the IP it came from, and I'd like to track them down so I know who I should stop talking to.

Thanks
 
First do a reverse IP lookup - google for "reverse ip". That should give you a pretty good idea where the email originated from. If you have access to the recipient's email program examining the headers for the offending email may also give some clues.

MAC addresses are unique to the NIC/modem/router and there is no publicly available database for the literally millions of such devices. With dymanic addressing the norm for individual users there is no reliable way to link a IP address to a machine without looking at ISP logs and such.
 
If you can get on the same subnet, just ping it. Doesn't matter if it responds or not. There will be an entry in your ARP table (a table mapping IP and mac addresses)

Then just run "arp -g" on your PC.
 
Will that person still have the same IP now as when Email was sent?? DHCP usually has a lease system and expires after a certain time...be sure that you are not attacking the wrong person!
 
Originally posted by: fuzzynavel
Will that person still have the same IP now as when Email was sent?? DHCP usually has a lease system and expires after a certain time...be sure that you are not attacking the wrong person!
Click to expand...

Our building has static IP's assigned by DHCP. As long as you have the same MAC, its the same IP.

Also, he sent it through yahoo, so as far as I know, the only info I can get is the IP. I can post the headers here if you want.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top