From: Brent on 4 Aug 2010 18:26

Here's a summary of the proposed methods to obtain the MAC address of the
ethernet card on the rooftop antenna box.

1. Install WinPcap
2. Install Wireshark and/or Airsnare
3. Sniff for the MAC address of the ethernet card on the roof

i. Install Linux
ii. Install Kismet
iii. Sniff for the MAC address of the ethernet card on the roof

a. Open the box up to find the manufacturer (or ask the ISP)
b. Cross reference the manufacturer to obtain the first half of the MAC
c. Combine that with the already known 2nd half of the MAC address

I. Query the existing Linksys WRT54G router for the Gateway IP
II. Replace the router with the PC
III. Query the rooftop ethernet card/antenna for the MAC address

There was also a suggestion from Jeff to sniff "traffic" with Netstumbler,
which, after googling, I "think" Jeff means to do the following:

A. Hack Netstumbler with NetCrumbler (I tried but it hung my system badly)
B. Once hacked, use NetCrumbler to query "traffic"
C. Pull the rooftop ethernet card's MAC address out of that queried traffic

One of these methods should work. I'll report back with the results.

From: DanS on 4 Aug 2010 18:52

Brent <beemdoubleu(a)Use-Author-Supplied-Address.invalid> wrote in
news:d0189c9f174f308f403efb51129bb1a7(a)tioat.net:

>> If the ISP is indeed authenticating just by MAC (which
>> would be surprising since it's so easily spoofed), then
>> all you need is to sniff the *wireless* MAC of the device
>> (as Jeff described).
>
> While I haven't seen Jeff's response yet, a friend here at
> work just suggested a perfect solution (if it works) in the
> cafeteria at lunch.
>
> He suggested I simply connect to the ethernet bridge on my
> roof via the http protocol. The steps he suggested are:
> a) Log into the router to find the gateway it is using
> (which he surmises is probably the IP address of the
> ethernet bridge/antenna on my roof).

He surmises wrong....sorry. The bridge can be, and is most likely, on a
completely different subnet than the one that gets assigned to the
connected device. That's why it's called a 'bridge' and not a router.

> Let's assume that IP address is (for arguments sake):
> 1.2.3.4

But you *don't* know what it is. And it won't show up through a tracert

>
> b) Then remove the router and replace it with the laptop
> (perhaps with a crossover cable if needed).
>
> c) Connect now to the ethernet bridge/antenna using the
> http protocol: http://1.2.3.4
>
> Once there, if the bridge/antenna will let me log in, then
> I can find the MAC address. Let's assume the MAC address is
> 00:00:00:00:00:01

All you'd need to do is have the correct IP address of the bridge to find
the MAC.

*IF* you did have the correct IP address, you would need to change your IP
address to be in the same subnet, which you'd need to do anyway to log
into it via HTTP.

At that point, all you would need to do is ping the rtr, then issue:

arp -a

....and it will tell you the MAC associated with the IP address.

If the 'antenna' is Linux powered, I'd try using discover.exe on it. That
uses some protocol that can discover many Linux-based devices on a
network, regardless of IP address. It also has MAC Telnet functionality.
You can initiate a telnet session with the box using strictly MAC address
only, so it doesn't matter if you're not on the subnet the box is. The
device doesn't even have to have an IP address and you can telnet to it
through MAC.

discover.exe is distributed by at least one 802.11x device vendor, but I
don't know the licensing details, therefore, I can't give it to you.

From: Jeff Liebermann on 4 Aug 2010 21:47

On Wed, 4 Aug 2010 22:26:28 +0000 (UTC), Brent
<beemdoubleu(a)Use-Author-Supplied-Address.invalid> wrote:

>There was also a suggestion from Jeff to sniff "traffic" with Netstumbler,
>which, after googling, I "think" Jeff means to do the following:

Close, but you went off on a tangent. In addition, I goofed. Netcrumbler
appeared in 2005 with the sole intent of keeping Wireless Zero Config
alive while running Netstumbler. This allows being connected to the
internet via some access point, while simultaneously probing the world
with Netstumbler looking for access points. I couldn't make it work 5
years ago and probably can't make it work today. If you want this manner
of functionality, I think (not sure) that WiFi Hopper does this:
<http://wifihopper.com>

>A. Hack Netstumbler with NetCrumbler (I tried but it hung my system badly)
>B. Once hacked, use NetCrumbler to query "traffic"

I goofed and it won't work. Netstumbler does NOT show the MAC address of
client radios. It only shows devices that respond to probes, which are
access points and radio setup for peer-to-peer. WiFi Hopper has the same
problem. To see wireless clients, you'll need to use Kismet.

>C. Pull the rooftop ethernet card's MAC address out of that queried traffic

I think that will yield the best results. Note that it gets pulled out of
the Wireshark wired capture traffic, not over the air.

>One of these method should work. I'll report back with the results.

--
Jeff Liebermann jeffl(a)cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

From: John Navas on 4 Aug 2010 22:36

On Wed, 4 Aug 2010 22:26:28 +0000 (UTC), in
<4de954dad769f6a16f00b17201477cde(a)tioat.net>, Brent
<beemdoubleu(a)Use-Author-Supplied-Address.invalid> wrote:

>Here's a summary of the proposed methods to obtain the MAC address of the
>ethernet card on the rooftop antenna box.
>
>1. Install WinPcap
>2. Install Wireshark and/or Airsnare
>3. Sniff for the MAC address of the ethernet card on the roof
>
>i. Install Linux
>ii. Install Kismet
>iii. Sniff for the MAC address of the ethernet card on the roof
>
>a. Open the box up to find the manufacturer (or ask the ISP)
>b. Cross reference the manufacturer to obtain the first half of the MAC
>c. Combine that with the already known 2nd half of the MAC address
>
>I. Query the existing Linksys WRT54G router for the Gateway IP
>II. Replace the router with the PC
>III. Query the rooftop ethernet card/antenna for the MAC address
>
>There was also a suggestion from Jeff to sniff "traffic" with Netstumbler,
>which, after googling, I "think" Jeff means to do the following:
>
>A. Hack Netstumbler with NetCrumbler (I tried but it hung my system badly)
>B. Once hacked, use NetCrumbler to query "traffic"
>C. Pull the rooftop ethernet card's MAC address out of that queried traffic
>
>One of these method should work. I'll report back with the results.

Your "antenna" device might actually be a "WISP [mode] Router",
effectively (a) wireless Ethernet client bridge + (b) wired NAT router.
If so, "arp" of the "gateway" address should give you the MAC address of
the wired side of the router, which should have the manufacturer code.

--
John

FAQ for Wireless Internet: <http://wireless.navas.us>
FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>

From: Brent on 5 Aug 2010 03:11

On Wed, 04 Aug 2010 21:41:04 -0500, DanS wrote:

> No. None of those are it, obviously those have nothing to do
> with wireless. I shouldn't have said anything.

I did query my router to find the gateway IP address, 192.168.3.1, and ran
the following commands to try to get a MAC address out of that gateway
address.

The router MAC address is 00-16-B6-32-43-27.

----------
Ping reported:

C:\Documents and Settings\brent>ping 192.168.3.1

Pinging 192.168.3.1 with 32 bytes of data:

Reply from 192.168.3.1: bytes=32 time=5ms TTL=63
Reply from 192.168.3.1: bytes=32 time=3ms TTL=63
Reply from 192.168.3.1: bytes=32 time=6ms TTL=63
Reply from 192.168.3.1: bytes=32 time=4ms TTL=63

Ping statistics for 192.168.3.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 6ms, Average = 4ms

----------
Tracert reported:

C:\Documents and Settings\brent>tracert 192.168.3.1

Tracing route to hotspot-wifi.hughes.com [192.168.3.1]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     5 ms     3 ms     3 ms  hotspot-wifi.hughes.com [192.168.3.1]

Trace complete.

----------
The Arp reports a MAC address but it's the MAC address of the router:

C:\Documents and Settings\brent>arp -a

Interface: 10.20.30.202 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-16-B6-32-43-26     dynamic

----------
I'm not sure WHAT MAC address that ARP is reporting as my router tells me
its MAC address is one higher (i.e., 00-16-B6-32-43-27).

Any ideas on what this is telling me?
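
Added example, not part of the original thread: a Python sketch that parses the `arp -a` and `tracert` output posted above and reports which device the cached MAC belongs to, showing that for a target two hops away the ARP cache only ever holds the first hop. `whose_mac` and `mac_offset` are hypothetical helper names; reading a one-step MAC difference as "LAN and WAN ports of the same router" is an assumption about this device, not something the thread confirms.

```python
import re

# Console output as posted above by Brent (Windows `arp -a` and `tracert`).
ARP_OUTPUT = """\
Interface: 10.20.30.202 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-16-B6-32-43-26     dynamic
"""
TRACERT_OUTPUT = """\
Tracing route to hotspot-wifi.hughes.com [192.168.3.1]
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     5 ms     3 ms     3 ms  hotspot-wifi.hughes.com [192.168.3.1]
Trace complete.
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ARP_ROW = re.compile(r"^[ \t]*" + IP + r"[ \t]+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\b", re.M)
HOP_ROW = re.compile(r"^[ \t]*(\d+)[ \t].*?\[?" + IP + r"\]?[ \t]*$", re.M)


def parse_arp(text):
    """Map IP -> MAC for each row of Windows `arp -a` output."""
    return {ip: mac.upper() for ip, mac in ARP_ROW.findall(text)}


def parse_hops(text):
    """Return the responding IP of each tracert hop, in hop order."""
    return [ip for _, ip in sorted((int(n), ip) for n, ip in HOP_ROW.findall(text))]


def whose_mac(target, arp_text, tracert_text):
    """Say which device's MAC the PC can actually see when talking to target."""
    arp, hops = parse_arp(arp_text), parse_hops(tracert_text)
    if target in arp:  # target answered ARP itself, so it is on the local segment
        return {"on_link": True, "owner": target, "mac": arp[target]}
    # ARP does not cross routers: frames for a routed target are addressed
    # to hop 1, so that router's LAN-side MAC is the only one in the cache.
    first = hops[0] if hops else None
    return {"on_link": False, "hops": len(hops), "owner": first, "mac": arp.get(first)}


def mac_offset(mac_a, mac_b):
    """Signed distance between two MACs, or None if the OUI (first 3 bytes) differs."""
    a, b = (int(m.replace("-", "").replace(":", ""), 16) for m in (mac_a, mac_b))
    return b - a if a >> 24 == b >> 24 else None
```

Run against the posted output, `whose_mac("192.168.3.1", ...)` attributes the cached MAC to 192.168.1.1 (hop 1), and `mac_offset` shows the ARP entry and the MAC the router reports share a manufacturer prefix and differ by one.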