7

I wanted to know whether its possible to get the MAC address of remote node (computer/Access Point) if I know its IP address.

I have heard that if someone sends you an email (even through gmail), you can find out the IP address (using the email headers), get the MAC address, and find out the exact physical location of the email sender by querying their ISP and using that MAC address. Can anyone shed light on this?

Scott Pack
  • 15,217
  • 5
  • 62
  • 91
Rushil Paul
  • 611
  • 2
  • 6
  • 9
  • Hi @Rushil, welcome to the site! Can you please explain your question a bit more, and focus on the security aspects? As it stands now, it doesnt seem to fit the scope of this site, please see the [FAQ]. – AviD Jun 10 '11 at 07:14
  • 1
    @AviD - I can't speak for the OP, but the question to me appears to be a matter of privacy concerns. Very relevant, I think. – Iszi Jun 10 '11 at 13:11
  • @Iszi, I read it the other way - i.e. how to find an IP address and MAC address. Dunno, maybe you're right... – AviD Jun 10 '11 at 13:35
  • You know that MAC addresses can be spoofed right? – this.josh Jun 11 '11 at 18:05
  • @josh Yeah I know that but you can't spoof your MAC completely by editing it in d hardware. – Rushil Paul Jun 11 '11 at 21:57
  • 1
    @Rushil, what did you mean by your last comment "but you can't spoof your MAC completely by editing it in d hardware"? you can spoof it completely, why does it matter in hardware or not? – AviD Jun 11 '11 at 22:25
  • A MAC Addresss cannot tell you the physical location. Besides if your using email then your contents of your account can only be read by Google and yourself. – Ramhound Aug 19 '11 at 18:09

3 Answers3

10

Information sent in headers through the GMail web interface:

Received: by 10.0.22.202 with SMTP id o10mr1683492bkb.70.1307695606700; Fri,
 10 Jun 2011 01:46:46 -0700 (PDT)
Received: by 10.0.57.83 with HTTP; Fri, 10 Jun 2011 01:46:46 -0700 (PDT)
X-Originating-IP: [121.121.121.121]

However, using a software client, my email headers say this:

Received: from [192.168.17.21] (myhost.myisp.com [121.121.121.121])
    by mx.google.com with ESMTPS id ex2sm1432764wbb.65.2011.06.10.01.32.47
    (version=TLSv1/SSLv3 cipher=OTHER);
    Fri, 10 Jun 2011 01:32:48 -0700 (PDT)

So yes, your email headers may contain the IP Address of the location from which you connected.

Can you deduce a hardware MAC address from this? Not unless you're on the same subnet and can send ARP requests or have some other local access. That's how internet routing works - even Google's SMTP server won't have had that information. If you do have local access to a network, using email to get that information is probably excessive anyway; you could find it simply by listening on the wire or OTA.

  • 3
    If the other computer is an old enough Windows machine (XP era), and ports 139 & 445 aren't blocked anywhere along the route, you can get the MAC address with a netbios query. It'd be rare to find something that unsecured in the wild, though. – user502 Jun 10 '11 at 13:10
  • Is there no way of finding the MAC addr of an Network Card, when you know its public IP addr ? I specified in my question "remote host".. Its easy doing it from within the same subnet.. All I need to do is to track a particular IP addr down to his personal identity..since someone had opened my Facebook account, & got his IP addr – Rushil Paul Jun 11 '11 at 21:53
  • @user502 - Its probably an XP computer..I'll go for a Netbios query but I don't know exactly how to perform it.. – Rushil Paul Jun 11 '11 at 21:55
  • @Rushil that's probably a separate question... have a search on superuser or serverfault and see if it's been asked there; chances are it has. –  Jun 11 '11 at 22:39
10

  1. With regards to email headers, you can, in some occasions, find the IP address of the sender using the email headers, and track him using this address, not the MAC address. IP Geolocation has always been around, but some interesting research has been made recently (Towards Street-Level Client-Independent IP Geolocation - Yong Wang)

  2. A way to track MAC addresses, that I expect will be more common in the years to follow, is through the IPv6 address of a host. In certain implementations of IPv6 addressing where an IPv6 address is automatically generated for an interface, the MAC address of that interface is embedded in the host part of the IPv6 address. (details)

nealmcb
  • 20,693
  • 6
  • 71
  • 117
john
  • 10,998
  • 1
  • 36
  • 43
  • As for querying MAC address, see http://security.stackexchange.com/questions/64281/how-to-get-mac-address-via-ip/64291#comment104114_64283 – Pacerier Nov 09 '15 at 21:04
5

If you know the IP address, you pretty much know all you need to – you can use geolocation. But geolocation will not help you get the exact physical location, it's only approximate.

You could probably find the exact physical location only if you had access to the ISP's database of customers, which would require you to hack into it.

Knowing the MAC address won't reveal any additional information (except manufacturer of the target's network card or router).

MAC addresses are useful only inside one local network, they are used for addressing on a lower level than IP addresses. Because of that, the normal way of finding MAC address for certain IP address (ARP) works only inside local network.

svick
  • 231
  • 1
  • 2
  • 7
  • 1
    Won't the ISP's database contain any kind of information which regarding the details given by the customer when he signed for the connection?? And I heard that a MAC address can be used to uniquely identify a customer in d ISP's database..I don't know if its true – Rushil Paul Jun 11 '11 at 21:46
  • @Rushil, the ISP doesn't need to store the MAC address, so I don't know why would they store it (that doesn't necessarily mean they don't). And yeah, the database has to contain data like address, e-mail, phone number. – svick Jun 11 '11 at 22:08
  • Talking abt email addresses, If I connect to gmail and send an email from gmail's web interface, the email does pass through my ISP servers, but do those servers formally have to do anything with my email ? (you said database contains customers' email addresses) – Rushil Paul Jun 13 '11 at 00:41
  • @Rushil, Gmail knows your IP address, but the e-mail isn't actually sent from your computer. Basically, when you use any webmail (and not SMTP from your e-mail client), you're not really sending an e-mail. You're just telling your mail service to send the e-mail on your behalf. – svick Jun 13 '11 at 06:04
  • @svick, Knowing the MAC address **can** reveal more information if you have a customer database of some sort. Then you'd know who bought that piece of equipment. – Pacerier Nov 10 '15 at 11:12