Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: can MAC address help to identify an attacker?

can MAC address help to identify an attacker? 13 years 1 month ago #12539

Can anyone tell me how MAC address will be helpful in identifying an attacker?

In 2 scenario's!

If a direct connection is there and also if a gateway is in between?

MAC Address 13 years 1 month ago #12545

The MAC address is the only thing that you can be reasonably certain will uniquely identify the source machine. Of course it is even possible to spoof a MAC address or change the address burned into the machine's NIC but that's another subject. On a direct connection where you are on the same segment, the MAC address of the attacker identifies the machine that sourced the attack. If a gateway is between you and the attacker then the attack packets will contain the source MAC address of the gateway. So you'd then have to go to the gateway and query its ARP cache to find out the address of the offending machine. If there are several gateways in the path you'd need to repeat this for each gateway until you got to the home network of the attacker. Obviously this is only feasible where all the gateways are under your control and you have access to them

Re: can MAC address help to identify an attacker? 13 years 1 month ago #12546

Hi Bishop

Can you brief out the concept of Quering the Gateway for the ARP Cache...

Paul 8)

ARP Cache 13 years 1 month ago #12547

It depends on what the gateway device is, because each manufacturer has different commands for doing this. However basically you'd connect to the device using web interface or a telnet session then enter the appropriate command. On a Cisco router you use the command Show Arp in EXEC mode

Re: can MAC address help to identify an attacker? 13 years 1 month ago #12548

Thanks Bishop for ur reply!

If gateway is in the path then the gateway replaces the MAC address of the sender with its own address. As a result, you can trace the attack to the gateway only.(Unless you have the control over the gateway.)
If there is no control over the gateway will it be feasible to know abt the details of the attacker?

Attacker 13 years 1 month ago #12584

You won't be able to use this method to find the MAC address if you can't query the gateway/router. However there are possibilities. First, sometimes it is possible to dump the MAC address table of a device using SMNP is the device supports it and you know (or can discover) the community strings. Secondly, even without the MAC address you can discover things about an attacker. The IP address will tell you the subnet they are on which may narrow it down to a particular building or floor within a company. Or if across the internet then do a DNS lookup which may give you details on the owner of the domain or the ISP
  • Page:
  • 1
Time to create page: 0.102 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup