.

Track someone using thr MAC/Physical Address?

<<

real.whitehat

User avatar

Newbie
Newbie

Posts: 18

Joined: Mon Apr 23, 2007 5:50 am

Post Wed Jul 18, 2007 4:08 pm

Track someone using thr MAC/Physical Address?

Is it possible to track someone on the internet by converting thr MAC/Physical Address into Internet IP Address?

or in other word, suppose I have Physical Address of someone  PC(ex- 00-19-5b-9c-21-34) and I want to know thr IP address, how it could be possible?
<<

heffnercj

EH-Net Columnist
EH-Net Columnist

Posts: 69

Joined: Thu Mar 15, 2007 2:45 pm

Post Wed Jul 18, 2007 5:11 pm

Re: Track someone using thr MAC/Physical Address?

You will only be able to see their MAC address if you are on the same subnet they are. Any machines separated by a router will not see each other's MACs.
<<

BiotiC

Newbie
Newbie

Posts: 15

Joined: Thu Mar 22, 2007 7:04 am

Post Wed Jul 18, 2007 6:05 pm

Re: Track someone using thr MAC/Physical Address?

To expand slightly on heffnercj's post......

MAC to IP resolution is done using the ARP protocol.

ARP is non-routable so as heffnercj says "Any machines separated by a router will not see each other".

To track someone on the internet via their MAC address would therefore require some external mechanism ie software rn directly, as a worm, etc to feedback the IP address/MAC address relationship back to a central location. This approach would also need to ensure the information from devices that were behind firewalls or devices that were NATed could be captured as well.

Just imagine if Google ran some kind of script every time you accessed their site that did this correlation and held it in some kind of big database - EEEK!!. Scary thought and not beyond the realms of possibility.  ;)
Last edited by BiotiC on Fri Jul 20, 2007 5:26 pm, edited 1 time in total.
<<

heffnercj

EH-Net Columnist
EH-Net Columnist

Posts: 69

Joined: Thu Mar 15, 2007 2:45 pm

Post Wed Jul 18, 2007 7:12 pm

Re: Track someone using thr MAC/Physical Address?

If you're trying to track a particular machine over the Internet, BiotiC is right, the best way would be to have some call-home program installed on it. Although you can theoretically trace a computer based on time skews measured from the time stamp option in TCP packets, it requires gathering several thousand packets, and I'm not aware of it being performed in a real-world situation (paper on it here: http://www.caida.org/publications/paper ... rprinting/). 

Of course this could be mitigated by turning off the time stamp option too. :)
<<

jimbob

Post Thu Jul 19, 2007 2:52 am

Re: Track someone using thr MAC/Physical Address?

There are some ways of remotely determining a node's MAC address. Good ol' nbtstat comes to mind for windows machines. Today you are much less likely to receive a response to a NetBIOS query than say 5 years ago but this still works in many cases.

Jim
<<

real.whitehat

User avatar

Newbie
Newbie

Posts: 18

Joined: Mon Apr 23, 2007 5:50 am

Post Thu Jul 19, 2007 3:48 pm

Re: Track someone using thr MAC/Physical Address?

Thank-you all for your answer
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Fri Jul 20, 2007 11:05 am

Re: Track someone using thr MAC/Physical Address?

Just curious, how did you get their MAC and not their IP/DNS Hostname?
<<

jimbob

Post Sun Jul 22, 2007 5:32 am

Re: Track someone using thr MAC/Physical Address?

real.whitehat wrote:or in other word, suppose I have Physical Address of someone  PC(ex- 00-19-5b-9c-21-34) and I want to know thr IP address, how it could be possible?

One other piece of information you can get from the MAC address is the vendor of the network device. The first three octets show who the range of MAC addresses is assigned to and you can look this up at...

http://standards.ieee.org/regauth/oui/index.shtml

The MAC address you listed is assigned D-Link, so you can be relatively confident you're looking for a device manufactured by D-Link. Beware that the name branded on the device may differ from who the address is assigned to. A good example is that modern Linksys kit resolved to Cisco Corp, since Cisco bought up Linksys a few years back.

Regards,
Jim
<<

real.whitehat

User avatar

Newbie
Newbie

Posts: 18

Joined: Mon Apr 23, 2007 5:50 am

Post Thu Jul 26, 2007 8:34 am

Re: Track someone using thr MAC/Physical Address?

oleDB wrote:Just curious, how did you get their MAC and not their IP/DNS Hostname?


>because it was my own laptop MAC address which was stolen by someone

it means almost it is impossible to track any one from there MAC address.

But is it Possible to retrieve MAC address from someones IP address? if yes then pls let me know how to do that.
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Thu Jul 26, 2007 8:40 am

Re: Track someone using thr MAC/Physical Address?

To get a MAC from IP you would need to be on the same subnet or have some kind of Trojan program on the victims computer cause the MAC (Layer 2) is not routable on the internet (layer 3 & up).

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

jimbob

Post Thu Jul 26, 2007 9:26 am

Re: Track someone using thr MAC/Physical Address?

One remote possibility would be to wardrive and check for an active client with the same MAC, assuming that the interface was a wireless one. This would only work if

a) the laptop was power up
b) it has joined a wireless network
c) both of the above occur while your driving by

You could possibly set up a fake AP as part of your wardriving kit and hope it associates while your passing by. The chance of success is somewhere between long shot and fantasy however.

Jim
<<

real.whitehat

User avatar

Newbie
Newbie

Posts: 18

Joined: Mon Apr 23, 2007 5:50 am

Post Thu Jul 26, 2007 9:40 am

Re: Track someone using thr MAC/Physical Address?

jimbob wrote:One remote possibility would be to wardrive.....
Jim


If I'm not wrong then with AP wardriving is possible in Local Area only then how could I  track them globally over internet..?
<<

jimbob

Post Sat Jul 28, 2007 1:18 pm

Re: Track someone using thr MAC/Physical Address?

If I'm not wrong then with AP wardriving is possible in Local Area only then how could I  track them globally over internet..?

I think if you really needed to track a stolen laptop we need to forget the MAC address idea. The advice on this thread so far basically says in most cases you need to be on the same subnet as the 'physically compromised' machine to have a chance of tracking it.

There are other possibilities for tracking, but again the chances of success are slim. Is there any software on the laptop that 'phones home'? This might be for example an instant messenger account that's set to log in automatically. You could try creating a new account, adding your old account to your contacts and waiting to see if your account is logged in from elsewhere. The IM provider might give up the IP address but only to law enforcement agency.

The long and the short of it is that you're very unlikely to get your laptop back. Your best bet would be to ensure the theft has been reported to the police and that they have the serial number of the laptop in case it's recovered.

Regards,
Jim
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Mon Mar 03, 2008 5:47 pm

Re: Track someone using thr MAC/Physical Address?

Dont change back to your old passwords on any of those accounts. Yes that would work if you were working directly with the server it connected to and got the originating IP and if you had a court order for the ISP to give up the location. You could check a few pawn shops or if you had recorded the mac (dont feel bad you didnt, most people dont) you could wardrive around, but dont spend too much time driving around with $3.00 a gallon gas. Even if you had recorded the mac and had managed to find it wardiving, what would you do? Go bang on the front door of the house? Call the police and try and convince them someone in that house has your laptop because Kismet seems to indicate it? Unless the house is full of Al-Qaeda and you had nuclear secrets on your laptop you will be out of luck. In other words, too much hassle and expense. I hate to say it but the place to start is to start saving up for a new laptop.
Last edited by Kev on Mon Mar 03, 2008 6:02 pm, edited 1 time in total.
<<

rok

Newbie
Newbie

Posts: 39

Joined: Sun Apr 27, 2008 2:18 am

Post Wed Jun 04, 2008 10:31 am

Re: Track someone using thr MAC/Physical Address?

well day by day it seems that internet security is getting tighter.Few years back we can easily get ip.host names withe use of cmd in windows,but nowdays its just noway. I just want to ask is there any way nowdays available for getting ip over global network??
Next

Return to Forensics

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software