Proving the feasibility of the method, an implementation is also introduced and evaluated regarding its efficiency. Based on an incomplete set of known MAC address to device associations, the presented method can guess correct device and vendor information. In this paper, we propose a lightweight passive network monitoring technique using an efficient Media Access Control (MAC) address-based identification of industrial devices. There are very few publications on lightweight passive scanning methodologies for industrial networks. In such cases, passive network monitoring offers an alternative, which is often used in conjunction with complex deep-packet inspection techniques. Since such additional traffic may lead to an unexpected behavior of devices, active scanning methods should be avoided in critical infrastructure networks. Active scanning, which generates irregular traffic, is a method to get an overview of connected and active devices. For this purpose, scans of networks are crucial. An integral part of an assessment is the creation of a detailed inventory of all connected devices, enabling vulnerability evaluations. Owing to a growing number of attacks, the assessment of Industrial Control Systems (ICSs) has gained in importance. The corresponding paper was presented at the ICS-CSR 2018. The software provided here serves as a PoC implementation. ![]() The windows version comes with the zenmap UI which makes it really easy to use.MacDetec - Device Identification by MAC Address There is also nMap (its free) which will scan for all hosts in a range and report back what it found. With the n(s) being replace by the 6 digits (no spaces no ':') Or, if you already know the MAC address of another device of the same model (and usually manufacturer) you can just run Wireshark on the same subnet when the device is booting and filter for the OUI (the first 6 hex digits of the MAC address) The display filter is =0xnnnnnn It will be sent to the global broadcast address ( 255.255.255.255) you can get the MAC from that packet. Run Wireshark capturing on the directly connected interface and watch for the DHCP request when it boots. Your PC has to be on the same subnet for this to work, so if the device doesn't support zeroconf you are out of luck. The MAC table in the PC will flush itself after a random period of time from 15-30 seconds so you have a limited time to check, although in theory a zeroconf device should be sending out mDNS and other messages so you can find it. To make it easier, you can connect a cheap USB to Ethernet to your PC so you don't have to mess with changing the adapter you are using. You can ignore all the 127.x.x.x (local host) and 224/239.x.x.x (multicast) and you will see the IP address it assigned along with the mac. If you open a console on a windows PC and type arp -a you will get a list of all the MAC addresses your computer knows about. This will cause your PC to update its ARP table with the MAC address. If you connect an Ethernet cable directly from your laptop (either directly or through a switch) to the device and then boot the device, it will broadcast several times during address resolution. Assuming that the device is DHCP by default, most devices support zeroconf and assign an address in the range of 169.254.1.1 to 169.254.254.254. You should be able to do it with your PC. The techniques below should get you there and if they don't work, an appliance wouldn't either. I don't know of an appliance, but it's a neat idea that someone could easily DIY if they were so inclined. Enjoy yourselves and remember, if you name a specific project you worked on, it could get traced back to you, so use common sense! ![]() Some good and some bad, try to keep it civilized. There are a ton of integration companies and manufacturers out there, just trying to make a living. Feel free to post funny installations mistakes, in good humor, but don't get carried away about one company over another, installation or product wise. Feel free to discuss installation, design, or any other aspect of commercial AV. Whether it's the latest and greatest Crestron touchpanel or a new Grommes Precision Amplifier, we want to know about it. Geared toward installation, design, and product discussion in the integration fields. This means government, corporate, education, or other. This helps keep these questions from being asked repeatedly.įor those of us that are interested in commercial audio, video, and control technologies in all sectors. ![]() Post all career related questions in the quarterly career thread stickied at the top of the sub.No marketing, this is for discussion not sales.We are professionals, adults, and scholars in a great but small industry. ![]() We have a Discord! Join the Discord! Click here for the invite.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |