i have mac address. how do i find out what sorta device it is?

Random

i have the mac address of a device which is connecting to my wireless network. the app i have for my phone (fing) only tells me that its intel and then gives me the mac address.

any ideas how i can narrow down what sorta device it is?

thanks

Alun

You can't really. The first 3 bytes of the MAC address (or OUI) define the manufacturer, and that's it. The remaining 3 bytes are just assigned sequentially during manufacture.

http://www.wireshark.org/tools/oui-lookup.html

If you have access to some kind of SNMP tool you *might* be able to glean some basic information using the default SNMP password (or community string as it's called), i.e. 'public'.

Random

the device is no longer on my network. "intel corporate" is basically the only info i can get from looking the mac address up etc. i guess its gonna just be a mystery then.

swampgas

Random wrote: »

i have the mac address of a device which is connecting to my wireless network. the app i have for my phone (fing) only tells me that its intel and then gives me the mac address.

any ideas how i can narrow down what sorta device it is?

thanks

As far as I know the MAC will only give you the vendor, Intel in your case, and little else.

If the device has been allocated an IP address, you could try to identify the device by the type of network traffic it is generating, but that's not so easy.

If you can monitor the device's traffic with something like wireshark and see some http traffic, you can learn a bit about it from the information embedded in the http requests (OS type, browser type, etc.).

If you don't know what the device is, why not simply secure your network with WEP/WPA/WPA2?

Saganist

swampgas wrote: »

As far as I know the MAC will only give you the vendor, Intel in your case, and little else.

If the device has been allocated an IP address, you could try to identify the device by the type of network traffic it is generating, but that's not so easy.

If you can monitor the device's traffic with something like wireshark and see some http traffic, you can learn a bit about it from the information embedded in the http requests (OS type, browser type, etc.).

If you don't know what the device is, why not simply secure your network with WEP/WPA/WPA2?

As you said. The Mac will only show you the vendor.

However. I use nmap, which does give you a bit more info on devices connected to your network, such as open ports etc.

Heres the output of a nmap scan on my home network,

Not sure if it would be of any use, but may be worth a try.

Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-31 17:24 GMT Standard Time

Nmap scan report for 10.0.0.1

Host is up (0.057s latency).

Not shown: 996 closed ports

PORT STATE SERVICE

23/tcp open telnet

80/tcp open http

3333/tcp open dec-notes

5555/tcp open freeciv

MAC Address: 00:22:3F:8D:61:27 (Netgear)



Nmap scan report for 10.0.0.63

Host is up (0.048s latency).

Not shown: 994 closed ports

PORT STATE SERVICE

21/tcp open ftp

80/tcp open http

631/tcp filtered ipp

8000/tcp open http-alt

9100/tcp open jetdirect

10000/tcp open snet-sensor-mgmt

MAC Address: 00:20:00:0C:67:1B (Lexmark International)



Nmap scan report for 10.0.0.69

Host is up (0.056s latency).

Not shown: 997 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

139/tcp open netbios-ssn

MAC Address: 00:90:A9:22:86:F6 (Western Digital)