@shaneramey
Created October 16, 2014 07:22
Creating a mac2ip script for arpwatch
For network administrators, being able to trace MAC addresses to IP addresses is useful for knowing what's plugged into your switches. Here's a little script I wrote that takes one argument, the MAC address in hexadecimal format with any number of delimiters, and resolves it to an IP address using an arpwatch database on a Linux machine. It will also resolve the vendor ID using a pre-downloaded database from http://standards.ieee.org/regauth/oui/oui.txt.
Feel free to use it. If you add something, please let me know!
Usage: mac2ip.pl <mac-address>
Example:
jupiter:~# mac2ip.pl 00:16:35:69:88:49
00:16:35:69:88:49 [Hewlett Packard] - 192.168.1.2
#!/usr/bin/perl
#
# Written by Shane Ramey
# 4/18/2010
# Feel free to release this, and keep my name here if you modify this
#
use strict;
use warnings;
use Socket;

# Directory holding the arpwatch database files (*.dat)
my $fileprefix = "/var/lib/arpwatch";
# Download oui.txt from http://standards.ieee.org/regauth/oui/oui.txt
my $ouiDBPath = "/usr/local/share/mac2ip/oui.txt";

# Load the vendor table; each line is expected to be "PREFIX,Vendor"
my %macDB;
open(my $ouidb, '<', $ouiDBPath) || die "Cannot open $ouiDBPath: $!";
while (<$ouidb>) {
    chomp;
    my ($prefix, $name) = split(/\,/);
    next unless defined $prefix && defined $name;
    $macDB{$prefix} = $name;
}
close($ouidb);

foreach my $arg (@ARGV) {
    # Keep only the hex digits so any delimiter style is accepted
    (my $macaddress = $arg) =~ s/[^0-9a-fA-F]//g;
    if (length($macaddress) != 12) {
        die "Usage: $0 mac_address\n";
    }
    my @octets = $macaddress =~ /(..)/g;

    # arpwatch stores each octet without its leading zero (00 -> 0, 0c -> c);
    # compare in lower case so upper-case input still matches
    my $strippedMacAddress =
        lc(join(":", map { (my $o = $_) =~ s/^0//; $o } @octets));

    # Build the display form and vendor once, so a MAC with several
    # recorded IPs is not appended to itself on every result line
    my $finalMacString = join(":", @octets);
    my $vendor = $macDB{uc(join(":", @octets[0 .. 2]))} || "VENDOR NOT FOUND";

    # Collect every IP recorded for this MAC across all arpwatch databases
    my @found;
    foreach my $fileToUse (glob("$fileprefix/*.dat")) {
        open(my $arpwatch, '<', $fileToUse)
            || die "Can't open file $fileToUse: $!";
        while (my $line = <$arpwatch>) {
            chomp $line;
            my @lineElements = split(/\t/, $line);
            next unless @lineElements >= 2;
            if (lc($lineElements[0]) eq $strippedMacAddress) {
                push(@found, $lineElements[1]);
            }
        }
        close($arpwatch);
    }

    if (@found) {
        foreach my $ip (@found) {
            # Reverse-resolve the IP; fall back to a marker when there is no PTR
            my $iAddr   = inet_aton($ip);
            my $dnsName = $iAddr ? gethostbyaddr($iAddr, AF_INET) : undef;
            $dnsName = "NOT IN DNS" if !$dnsName;
            print "$finalMacString [$vendor] - $ip ($dnsName)\n";
        }
    } else {
        print "$finalMacString [$vendor] - IP NOT FOUND\n";
    }
}
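
The same lookup as an added example (not part of the original gist, and written in Python rather than the gist's Perl), extended to order sightings by time and flag a MAC that arpwatch has recorded with more than one IP. It assumes the third tab-separated field of each arpwatch record is a Unix timestamp; the sample records and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample records: MAC <TAB> IP <TAB> epoch [<TAB> hostname <TAB> iface]
SAMPLE_ARP_DAT = (
    "0:16:35:69:88:49\t192.168.1.2\t1271548800\tprinter\teth0\n"
    "0:16:35:69:88:49\t192.168.1.77\t1271635200\t\teth0\n"
    "0:c:29:ab:cd:ef\t192.168.1.10\t1271600000\tvmhost\teth0\n"
    "garbage line without tabs\n"
)

def arpwatch_key(mac):
    """Normalise any delimiter style to arpwatch's form (no leading zeros)."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError("expected 12 hex digits, got %d" % len(digits))
    return ":".join(format(int(digits[i:i + 2], 16), "x") for i in range(0, 12, 2))

def sightings(mac, dat_text):
    """Return (epoch, ip) pairs recorded for this MAC, newest first."""
    key = arpwatch_key(mac)
    hits = []
    for line in dat_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 3 or fields[0].lower() != key:
            continue  # malformed record or a different station
        try:
            hits.append((int(fields[2]), fields[1]))
        except ValueError:
            continue  # timestamp field is not numeric
    return sorted(hits, reverse=True)

def report(mac, dat_text):
    """Summarise where a MAC was last seen and whether its IP has changed."""
    hits = sightings(mac, dat_text)
    ips = sorted({ip for _, ip in hits})
    last_seen = None
    if hits:
        last_seen = datetime.fromtimestamp(hits[0][0], tz=timezone.utc).isoformat()
    return {
        "key": arpwatch_key(mac),
        "latest_ip": hits[0][1] if hits else None,
        "last_seen": last_seen,
        "all_ips": ips,
        "moved": len(ips) > 1,  # same MAC recorded with more than one IP
    }

if __name__ == "__main__":
    print(report("0016.3569.8849", SAMPLE_ARP_DAT))
```

A `moved` result is worth a second look on a network with static addressing, since it can mean a re-addressed host, a DHCP lease change, or a cloned MAC.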