How to identify unknown devices on network?

Ed plug at 0x1b.com
Mon Jul 7 21:50:33 MST 2014 

On Mon, Jul 7, 2014 at 5:30 AM,  <kitepilot at kitepilot.com> wrote:
>> MAC address cloning can cause issues also if we are not careful.
>

don't clone MAC addresses-> randomize!   ;)
if the MAC address isn't all that helpful, you might try
fingerprinting the OS running behind the NIC with nmap or p0f


> A duplicated MAC address in a network is as bad (or *WORSE*) that a
> duplicated IP address.
> Once the MAC address is resolved via an ARP 'who has" request, and the
> IP/MAC has been entered in the ARP table, ail communication is predicated on
> knowing the MAC address.
> I can track a duplicated IP address, I don't know if it is possible to track
> a duplicated MAC.
> Brrrrrrrrr...
> ET
>
>
>
> Ed Knapp writes:
>>
>> The first unknown ( .3 ) looks like a Canon device. Printer?
>> .8 is a Vizio device. TV?
>> .104 is a device from a company called Silex.  Could be any number of
>> devices. They seem to make a wide range of interesting products.
>> http://www.silexamerica.com
>> I just used a MAC address search tool online.
>> The first one that came up for me was http://www.coffer.com .
>> The first part of a Mac hardware address is the manufacturer. The
>> remainder is a unique serial number/identifier.  The two together (are
>> supposed) make a globally unique hardware address to prevent any possible
>> addressing conflicts.
>> Some, er, less conscientious manufacturers aren't diligent about ensuring
>> truly unique mac addresses.  It is easier and cheaper to make half a million
>> exact copies than the added cost and complexity of incrementing the MAC
>> address.
>> MAC address cloning can cause issues also if we are not careful.
>> Hopefully that will help a bit in tracking what has connected to your
>> network.
>> Let us know here on the list if you have any other questions or if we can
>> elaborate.
>> Have a great night!
>> Ed K.
>> Plug lurker
>>>
>>> On Jul 6, 2014, at 11:33 PM, joe at actionline.com wrote:
>>> How can I identify the unknown devices (????? below)
>>> on my local network?
>>> Source IP:  Devices:    Mac addr:
>>> 192.168.0.1 Motorola    00:24:37:85:73:f0 REPLACED
>>> 192.168.0.2 X5003191    2c:44:fd:67:34:ab Ethernet 3
>>> 192.168.0.3 Unknown ??    88:87:17:c0:a4:45 ?????
>>> 192.168.0.4 Galaxy phn    0c-71-5d-29-dc-ff
>>> 192.168.0.5 Tivo 84600    00:11:d9:55:72:ca
>>> 192.168.0.6 Xoom tab    98-4b-4a-c0-6f-3a
>>> 192.168.0.7 Chromecast    d0:e7:82:c4:5c:ac
>>> 192.168.0.8 ??????????    00:19:9d:56:50:2e ?????
>>> 192.168.0.9 Nexus7 tab    ac:22:0b:44:da:95
>>> 192.168.0.10 HP laptop    e0:06:e6:a2:93:a5
>>> 192.168.0.91 Lenovo      70:71:bc:3e:00:ed
>>> 192.168.0.64 T43 laptop    00:12:f0:34:5c:33
>>> 192.168.0.104 BRW008092CAC78E - 00:80:92:ca:c7:8e ?????
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list