mac addresses OSR5 and Unixware - SCO

This is a discussion on mac addresses OSR5 and Unixware - SCO ; I'm trying to determine mac addresses of users telnet'ing to the server. arp -a identifies local users, but not any remote users connected via VPN's or otherwise. Is there any way to get that info?...

+ Reply to Thread
Results 1 to 9 of 9

Thread: mac addresses OSR5 and Unixware

  1. mac addresses OSR5 and Unixware

    I'm trying to determine mac addresses of users telnet'ing to the server.
    arp -a identifies local users, but not any remote users connected via VPN's
    or otherwise. Is there any way to get that info?



  2. Re: mac addresses OSR5 and Unixware

    In article , Ron Kirschner wrote:
    >I'm trying to determine mac addresses of users telnet'ing to the server.
    >arp -a identifies local users, but not any remote users connected via VPN's
    >or otherwise. Is there any way to get that info?
    >
    >


    No. MAC address stay on the local network.


    --
    Bill Vermillion - bv @ wjv . com

  3. Re: mac addresses OSR5 and Unixware

    On 17 Jan, 16:12, b...@wjv.com (Bill Vermillion) wrote:
    > In article , Ron Kirschner wrote:
    > >I'm trying to determine mac addresses of users telnet'ing to the server.
    > >arp -a identifies local users, but not any remote users connected via VPN's
    > >or otherwise. *Is there any way to get that info?

    >
    > No. MAC address stay on the local network. *


    Why do you want them? The user could, if you ask nicely, send them to
    you.

  4. Re: mac addresses OSR5 and Unixware

    On 17 Jan, 23:01, Nico Kadel-Garcia wrote:
    > On 17 Jan, 16:12, b...@wjv.com (Bill Vermillion) wrote:
    >
    > > In article , Ron Kirschner wrote:
    > > >I'm trying to determine mac addresses of users telnet'ing to the server..
    > > >arp -a identifies local users, but not any remote users connected via VPN's
    > > >or otherwise. *Is there any way to get that info?

    >
    > > No. MAC address stay on the local network. *

    >
    > Why do you want them? The user could, if you ask nicely, send them to
    > you.


    A followup: you can install "lsof" from the Skunkware site, and use it
    to see what network ports and services are open to what incoming
    clients. Then you can parse that to find the hostnames or IP
    addresses, and ping them to get the MAC addresses.

    Does that help?

  5. Re: mac addresses OSR5 and Unixware

    On 17 Jan, 23:01, Nico Kadel-Garcia wrote:
    > On 17 Jan, 16:12, b...@wjv.com (Bill Vermillion) wrote:
    >
    > > In article , Ron Kirschner wrote:
    > > >I'm trying to determine mac addresses of users telnet'ing to the server..
    > > >arp -a identifies local users, but not any remote users connected via VPN's
    > > >or otherwise. *Is there any way to get that info?

    >
    > > No. MAC address stay on the local network. *

    >
    > Why do you want them? The user could, if you ask nicely, send them to
    > you.


    Oh, wait, never mind, I forgot here that you referred to VPN users.

  6. Re: mac addresses OSR5 and Unixware

    In article ,
    Nico Kadel-Garcia wrote:
    >On 17 Jan, 23:01, Nico Kadel-Garcia wrote:
    >> On 17 Jan, 16:12, b...@wjv.com (Bill Vermillion) wrote:
    >>
    >> > In article , Ron Kirschner wrot=

    >e:
    >> > >I'm trying to determine mac addresses of users telnet'ing to the server=

    >.
    >> > >arp -a identifies local users, but not any remote users connected via V=

    >PN's
    >> > >or otherwise. =A0Is there any way to get that info?

    >>
    >> > No. MAC address stay on the local network. =A0

    >>
    >> Why do you want them? The user could, if you ask nicely, send them to
    >> you.

    >
    >A followup: you can install "lsof" from the Skunkware site, and use it
    >to see what network ports and services are open to what incoming
    >clients. Then you can parse that to find the hostnames or IP
    >addresses, and ping them to get the MAC addresses.
    >
    >Does that help?


    That still won't give you MAC address that are NOT on the local
    LAN. MAC's aren't transmitted across the net unless you
    have a bridged network.

    And there is no quarantee that if you could get the MAC from a far
    machine that it would not collide with a local MAC address.

    While MAC address in hardware are supposed to be unique, in the
    past some cheapo NICs had duplicate MAC addresses.

    And there is also the possibility that the MAC address has been
    changed on any machine so that it differs from the burned in
    address.

    Just one reason that a MAC address may be re-written is that once
    the MAC is resolved by looking for IP all communications are at the
    MAC address so that if you run a fail-over machine, if the primary
    machine fails, then you re-write the MAC on the backup machine so
    that the failover is transparent.

    At least that's how I understand it all.


    Bill



    --
    Bill Vermillion - bv @ wjv . com

  7. Re: mac addresses OSR5 and Unixware

    On Jan 17, 9:47 am, "Ron Kirschner" wrote:
    > I'm trying to determine mac addresses of users telnet'ing to the server.
    > arp -a identifies local users, but not any remote users connected via VPN's
    > or otherwise. Is there any way to get that info?


    It all depends on the OS that the telnet client is runing on. Windows
    XP has a built in utility called getmac.exe that will retrieve the
    MAC address.

    I used to telnet back into the client from the server in order to do
    this. But you could also use the 'psexec for unix' util to do the same
    thing i'm sure.

    'Skye Bowen

  8. Re: mac addresses OSR5 and Unixware

    On 24 Jan, 13:26, Skye wrote:
    > On Jan 17, 9:47 am, "Ron Kirschner" wrote:
    >
    > > I'm trying to determine mac addresses of users telnet'ing to the server.
    > > arp -a identifies local users, but not any remote users connected via VPN's
    > > or otherwise. *Is there any way to get that info?

    >
    > It all depends on the OS that the telnet client is runing on. Windows
    > XP *has a built in utility called getmac.exe that will retrieve the
    > MAC address.
    >
    > I used to telnet back into the client from the server in order to do
    > this. But you could also use the 'psexec for unix' util to do the same
    > thing i'm sure.
    >
    > 'Skye Bowen


    No, you can't. VPN connections normally iinterpose a gateway: you'll
    see the MAC address of the nearer side of the VPN gateway, not of the
    telnetting client.

  9. Re: mac addresses OSR5 and Unixware

    Bill Vermillion wrote:
    > In article ,
    > Nico Kadel-Garcia wrote:
    >> On 17 Jan, 23:01, Nico Kadel-Garcia wrote:
    >>> On 17 Jan, 16:12, b...@wjv.com (Bill Vermillion) wrote:
    >>>
    >>>> In article , Ron Kirschner wrot=

    >> e:
    >>>>> I'm trying to determine mac addresses of users telnet'ing to the server=

    >> .
    >>>>> arp -a identifies local users, but not any remote users connected via V=

    >> PN's
    >>>>> or otherwise. =A0Is there any way to get that info?
    >>>> No. MAC address stay on the local network. =A0
    >>> Why do you want them? The user could, if you ask nicely, send them to
    >>> you.

    >> A followup: you can install "lsof" from the Skunkware site, and use it
    >> to see what network ports and services are open to what incoming
    >> clients. Then you can parse that to find the hostnames or IP
    >> addresses, and ping them to get the MAC addresses.
    >>
    >> Does that help?

    >
    > That still won't give you MAC address that are NOT on the local
    > LAN. MAC's aren't transmitted across the net unless you
    > have a bridged network.
    >
    > And there is no quarantee that if you could get the MAC from a far
    > machine that it would not collide with a local MAC address.
    >
    > While MAC address in hardware are supposed to be unique, in the
    > past some cheapo NICs had duplicate MAC addresses.


    It's also a potential problem with virtualized OS's that randomly assign MAC's, and with people who carelessly hardcode virtual OS's with simplistic patterns (like setting the last three octets to all 0's by default.)

    > And there is also the possibility that the MAC address has been
    > changed on any machine so that it differs from the burned in
    > address.


    Yeah, and some folks re-write MAC addresses to spoof client machines and their logging, or to avoid locked in MAC access to configurable switches.

    > Just one reason that a MAC address may be re-written is that once
    > the MAC is resolved by looking for IP all communications are at the
    > MAC address so that if you run a fail-over machine, if the primary
    > machine fails, then you re-write the MAC on the backup machine so
    > that the failover is transparent.
    >
    > At least that's how I understand it all.


    This ties into "pair-bonding" and virtual machine live migration. It's fascinating stuff!

+ Reply to Thread