Auditing Home Network using MS Windows Based Tools

Prelude

Here I am having gone crazy troubleshooting my home network.  And, so let us write down the little bit I found out.

 

Tools

Address Resolution Protocol ( ARP )

Get all entries in the ARP Pool

Syntax:


arp -a

Output:

arp-allinterface

 

In ARP Pool, get entries for Specific Interface

As we are only interested in the local network, let us get a bit more specific and restrict our search to only our intranet IP Address.

Syntax:


  arp -a -N [IP-Address]

Sample:


  arp -a -N 10.0.4.100

Output:

arp-interface-intranet

 

In ARP Pool, using Specific Interface, perform network sweep

Let us do a network sweep; by adding -v

Syntax:


  arp -a -v -N [interface]

Sample:


  arp -a -v -N 10.0.4.100

Output:

arp-interface-intranet-networksweep

 

Explanation:

  1. When no host
    • Physical Address :- 00-00-00-00-00-00
    • Type – invalid
  2. When internal host
    • Physical Address :- MAC Address
    • Type :- dynamic
  3. When Internet host
    • Physical Address :- MAC Address
    • Type :- Static
  4. Network broadcast
    • Physical Address :- MAC Address – ff-ff-ff-ff-ff-ff
    • Type :- Static

 

Ping -a

Syntax:


  ping -a [IP-Address]

Sample -1 :


  arp -a -N 10.0.4.6

Output:

ping-a-6

 

 

Sample -2 :


  arp -a -N 10.0.4.7

Output:

ping-a-7

 

Sample -3:


  arp -a -N 10.0.4.94

Output:

ping-a-94

Explanation:

So here I am going crazy.  How come I can’t figure out the hostname bearing 10.0.4.94

 

Angry IP Scanner

Downloaded Angry IP Scanner and Java’s JRE 

Ran it and got this back.

AngryIPScanner

So again, though we received back a ping’s response for 10.0.4.94, no corresponding hostname.

 

MAC Address Lookup

Took to the internet to find out who is the manufacturer for the MAC Address corresponding to the IP Address 10.0.4.94

Web Sites:

 

CheckMacAddress

So entered our MAC Address, but got back a vendor that I am still not that familiar with; specifically Azurewave Technologies, Inc., TAIWAN

Lookup

 

Wireless Access Point

Connected to our WAP and using the DHCP Client Table, here is what we received back:

DCHPClientTable

Finally, we have a match for IPAddress 10.0.4.94 /MAC Address 6C…..

Our match is the ChromeCast device that my brother brought us to be able to view youtube videos on the TV.

 

Summary

No country for old men!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s