2 //Harvie's MAC sniffing toolkit (2oo7)
3 //Vice informaci cesky: https://www.soom.cz/articles/print.php?aid=406
6 This if primary for MS Windows (may work at other system, depending on 3rd side programs' output)
10 - ngrep (requires WinPCap for Windows or LibPCap for Unixs)
13 ///SETTINGS/////////////////////////////////////
14 $ngrep = "ngrep"; //NGREP binary
15 $ping = "ping -n 1"; //PING with arguments
16 $arp = "arp -a"; //ARP with arguments to show all ARP records
18 ///FUNCTIONS////////////////////////////////////
20 //Get HW (MAC) address from IP address
21 function get_mac($ip) {
23 shell_exec($GLOBALS["ping"]." ".$ip);
24 $arp = shell_exec($GLOBALS["arp"]);
25 $arp = explode("\n", $arp);
26 foreach($arp as $line) {
27 if(ereg(": $ip ---", $line)) { return("This is your adapter, to find MAC try \"ipconfig /all\""); }
28 if(ereg(" $ip ", $line)) {
29 //echo($line."\n"); //Debug
30 $line = explode($ip, $line);
31 $line = trim($line[1]);
32 $line = explode("dynamic", $line);
33 $line = trim($line[0]);
34 //echo($line."\n"); //Debug
38 return("Not found. Couldn't broadcast to IP.");
41 //Passive scan for active computers (IPs) in network (it's 100% stealth),
42 //but you can use "nmap" (for example) for scanning more more quickly and efectively...
43 //This is waiting in infinite loop...
44 function sniff_ips($device = 1, $subnet = "") {
45 $device = trim($device);
46 $subnet = trim($subnet);
47 $ngrep = ($GLOBALS["ngrep"]." -d ".$device);
48 $fp = popen($ngrep, "r");
52 while($fp && !feof($fp)) {
54 if(ereg("$subnet.*:.* -> .*:.*", $line)) {
55 $line = explode(" ", $line);
56 $line = explode(":", $line[1]);
59 if(!in_array($ip, $ips)) {
63 //You have $ip, you can do anything, that you want:
64 echo($ip." = ".get_mac($ip)."\n"); //Get it's MAC and print it
71 //Quick active scan for MACs and IPS
72 function quick_ipmac_scan($subnet = "192.168.1") {
73 for($i=1;$i<256;$i++
) {
74 //Mega threaded ( This will open 255 processes ;))
75 $fp[$i] = popen($GLOBALS["ping"]." ".$subnet.".".$i, "r");
77 for($i=1;$i<256;$i++
) {
78 while( $fp[$i] && !feof($fp[$i]) ) { fgets($fp[$i]); }
80 system($GLOBALS["arp"]);
83 ///Examples of usage://///////////////////////////////////////////////////////
84 //You have to modify this script, to get that output format, that you want...
88 echo("Sniffing for IP/MAC addresses\nC-c for stop\n\n");
89 //This will sniff on 3rd device ("ngrep -L" for device listing)
90 //And only IPs that starts with "192.168" will be accepted
91 sniff_ips(3, "192.168"); //ngrep -d 3 | grep 192.168.*:.* -> .*:.*
95 Sniffing for IP/MAC addresses
98 192.168.15.82 = This is your adapter, to find MAC try "ipconfig /all"
99 192.168.15.65 = 00-00-24-c1-e7-e8
100 192.168.15.84 = 00-04-e2-cb-bc-6a
101 192.168.15.77 = Not found. Couldn't broadcast to IP.
102 192.168.15.80 = Not found. Couldn't broadcast to IP.
105 //--------------------------------------------------------------------------
108 //Quick active scan for MACs/IPs:
109 echo("Scanning for IP/MAC addresses\nC-c for stop\n");
110 quick_ipmac_scan("192.168.1");
114 Scanning for IP/MAC addresses
117 Rozhrani: 192.168.15.82 --- 0x40003
118 internetova adresa fyzicka adresa typ
119 192.168.15.65 00-00-24-c1-e7-e8 dynamicka
120 192.168.15.80 00-16-ce-0a-0e-a1 dynamicka
123 //--------------------------------------------------------------------------
126 $ip = "192.168.15.82"; //This is your adapter, to find MAC try "ipconfig /all"
127 $ip = "404.168.15.82"; //Not found. Couldn't broadcast to IP.
128 $ip = "192.168.15.65";
129 echo("IP: $ip\nMAC: ".get_mac($ip)."\n");
134 MAC: 00-00-24-c1-e7-e8
This page took 0.45241 seconds and 4 git commands to generate.