While researching fast ways to find a relationship between a MAC and IP address, I dug up some info on Inverse ARP and found out that it isn’t widely a supported protocol. Basically, it’s only used in frame relay networks, which doesn’t help matters.
So I did what any sensible geek does, I hacked something together.
This is just the proof of concept, and I do hope to someday have it more self contained. At the moment it relies on WinPcap and SharpPcap, which makes it quite large and cumbersome to deploy.
So far, there are two parts, inarp.exe and inarpd.exe. Inarp.exe gets the IP associated with the specified MAC, while inarpd.exe intercepts InARP packets and sends the appropriate replies.
Basic use:
//remote machine inarpd.exe //your machine inarp "ma-ca-dd-re-ss-s0" //sends queries on all network interfaces inarp "ma-ca-dd-re-ss-s0" "Network interface GUID" //Sends on a specific interface No interface specified or matched criteria. [ARPPacket: 8 AAAAAAAAAAAA -> BBBBBBBBBBBB, 0.0.0.0 -> 0.0.0.0] //InARP Request [ARPPacket: 9 BBBBBBBBBBBB -> AAAAAAAAAAAA, 192.168.1.101 -> 0.0.0.0] //InARP Reply
