• State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 24 subscribers
  • Views 2856 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

MAC address history

thatguy

Newbie here, new to IPAM.  We are a medium sized organization looking into something more than a spreadsheet as a IPAM solution.

Is it possible to search on a MAC address to display a chronological log of all ip addresses that were leased, expired, etc by this particular MAC address?  This is useful for troubleshooting should a device be moved or the port be reconfigured, and this allows tracking the lifecycle of a device (rather than an ip address).

Thanks

  • 0

    Ok, I thought it could, but I just definitely confirmed it for you.

    By default it doesn't search on MAC addresses, but there is a down arrow in the search box that if you click on it gives you the option of what fields to search on. 

    I was able to confirm that it does this by going into the database and looking up where it stores the historical IP info and doing a count on the EndpointID to find multiple occurrences of the same MAC Address, picked one that had a lot, figured out what MAC it was and do a search on that.   Have a few months history on it over different IP's and such.  One note, in the DB the MAC address is stored as just letters/numbers, no dashes or anything.  When searching I had to do it in 58-94-6B-32-66-F0, so it is a bit picky on search format.

    That being said, don't be surprised if you get duplicate MAC addresses in your organization.  It's not common, but it is definitely possible. 

    I got a kick out of watching a show last night, I believe "The Followers", where they wanted to find where a particular laptop was and they brought up that they have the BIA of the laptop.  I think they referred to is as the "Built-In Address" rather than the more commonly known "Burned-In Address" that I'm sure most of us refer to it as.   They were hoping to find this super-hacker would could do all kinds of magic real-time and they were acting like this BIA was easily trackable and unique to each system and that you could track it down like a cell phone.   If the guy was as good a hacker as he was made out to be, changing the BIA is quite simple and I'm sure he would have done it.  Not to mention that the BIA is a L2 concept and not readily searchable on a worldwide basis either.   But, I'm sure there is all kinds of non-networking folks all paranoid about their BIA's being traceable now as a result of that show!!   :-)

  • 0 in reply to cnorborg

    Thanks Craig, very good to know this product has the capability.  I will give the trial version a try now, but it's incredibly helpful to have someone with historical data confirm this.

    I didn't understand the database pieces you mention, I assume you connected directly to it to interrogate the tables.  Just to confirm, you didn't have to do anything special other than search the BIA in a format with dashes, correct?

    Thanks again!

  • 0 in reply to thatguy

    Hi,

    Search will work fine for just providing the BIA in a format with dashes.

    Sathya.T

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.