Vendors use different MAC address formats. When you capture a MAC address table or an ARP table, the output differs depending on the vendor or firmware version. The most common MAC formats are:
- AA-BB-CC-DD-EE-FF
- AA:BB:CC:DD:EE:FF
- AAAA.BBBB.CCCC
- AAAABBBBCCCC
This simple Python script searches a provided text file for all of those formats, then sends an API request for each MAC address to look up its vendor.

```python
#!/usr/bin/python3
import re
import time

import requests


def plik(nazwa_pliku):
    # Read the whole input file into one string
    with open(nazwa_pliku, 'r') as file:
        data = file.read()
    return data


def mac_extract(text_str1):
    # Dotted AAAA.BBBB.CCCC, or 12 hex digits optionally separated by ':' or '-'
    p = re.compile(r'(?:[0-9a-fA-F]{4}\.){2}(?:[0-9a-fA-F]{4})|(?:[0-9a-fA-F][:-]?){12}')
    extracted_mac = re.findall(p, text_str1)
    return extracted_mac


text_str = plik("mac.txt")
extracted = mac_extract(text_str)
for mac in extracted:
    # One lookup per extracted address
    queryapi = requests.get(url="https://api.macvendors.com/{}".format(mac))
    time.sleep(2)  # throttle requests to the API
    print(mac, queryapi.content)
```
Usage
Let’s add MAC addresses to the “mac.txt” file. I’m simply pasting the output of the CAM table from a Cisco IOS switch:

```
10 00f6.2067.ff08 DYNAMIC Gi0/2
10 0cae.7dd8.2d07 DYNAMIC Gi0/2
10 1cf2.9a50.e30d DYNAMIC Gi0/2
10 286d.cd56.6685 DYNAMIC Gi0/2
10 40ec.99ae.9219 DYNAMIC Gi0/2
10 4c3b.dfee.d30c DYNAMIC Gi0/2
10 6490.c114.78cc DYNAMIC Gi0/2
10 68d7.9adc.b650 DYNAMIC Gi0/2
10 6a59.6574.91ae DYNAMIC Gi0/2
10 7488.bb59.10d2 DYNAMIC Gi0/1
10 7cd9.5c18.e375 DYNAMIC Gi0/2
10 bcea.fad5.e47f DYNAMIC Gi0/2
10 bcea.fad5.e488 DYNAMIC Gi0/2
10 d425.8b23.4f01 DYNAMIC Gi0/2
10 d48c.b50e.2aa3 DYNAMIC Gi0/2
10 e87f.9574.44ff DYNAMIC Gi0/2
10 eac2.b977.8e38 DYNAMIC Gi0/2
10 ecb5.fa09.30cb DYNAMIC Gi0/3
30 bcea.fad5.e47f DYNAMIC Gi0/2
```
Now, let’s execute the script to find the vendors:
```
[root@centos ~]# ./mac_python.py
00f6.2067.ff08 b'Google, Inc.'
0cae.7dd8.2d07 b'Texas Instruments'
1cf2.9a50.e30d b'Google, Inc.'
286d.cd56.6685 b'Beijing Winner Microelectronics Co.,Ltd. '
40ec.99ae.9219 b'Intel Corporate'
4c3b.dfee.d30c b'Microsoft Corporation'
6490.c114.78cc b'Beijing Xiaomi Mobile Software Co., Ltd'
68d7.9adc.b650 b'Ubiquiti Networks Inc.'
```
As we can see, the MAC addresses have been parsed properly: the script has iterated through the list of MAC addresses, and the API query returned the corresponding vendor for each.
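The following is an added example, not part of the original script: a stricter offline pre-processing step that can run before any vendor lookup. It matches only the four formats listed above (so 12-digit slices of a hash or other long hex run are not picked up), normalizes and de-duplicates addresses such as the one seen in both VLAN 10 and VLAN 30, and flags locally administered addresses like `6a59.6574.91ae`, for which no registered vendor prefix exists. The names `MAC_RE`, `parse_macs` and `lookup_targets` are hypothetical, and the sample text is constructed from three CAM table lines above plus two made-up lines.

```python
import re

H = r'[0-9A-Fa-f]'
# One alternative per format listed above. The lookarounds keep a match from
# starting or ending inside a longer hex run such as a hash or serial number.
MAC_RE = re.compile(
    rf'(?<!{H})(?<!{H}[.:-])(?:'
    rf'{H}{{2}}(?::{H}{{2}}){{5}}'      # AA:BB:CC:DD:EE:FF
    rf'|{H}{{2}}(?:-{H}{{2}}){{5}}'     # AA-BB-CC-DD-EE-FF
    rf'|{H}{{4}}(?:\.{H}{{4}}){{2}}'    # AAAA.BBBB.CCCC
    rf'|{H}{{12}}'                      # AAAABBBBCCCC
    rf')(?!{H}|[.:-]{H})'
)

# Constructed sample: three CAM table lines from the page, then two made-up
# lines (a host seen in two notations, and a 40-digit hex string).
SAMPLE = """\
10 bcea.fad5.e47f DYNAMIC Gi0/2
30 bcea.fad5.e47f DYNAMIC Gi0/2
10 6a59.6574.91ae DYNAMIC Gi0/2
host 40-EC-99-AE-92-19 lease 40:ec:99:ae:92:19
digest 0123456789abcdef0123456789abcdef01234567
"""

def parse_macs(text):
    """Return unique MACs in first-seen order, normalized to AA:BB:CC:DD:EE:FF."""
    seen, rows = set(), []
    for m in MAC_RE.finditer(text):
        digits = re.sub(r'[.:-]', '', m.group(0)).upper()
        if digits in seen:
            continue  # same address again, e.g. learned in another VLAN
        seen.add(digits)
        first_octet = int(digits[:2], 16)
        rows.append({
            'mac': ':'.join(digits[i:i + 2] for i in range(0, 12, 2)),
            'oui': digits[:6],
            # U/L bit (0x02) set: locally administered, often a randomized
            # address, so the prefix does not identify a manufacturer
            'local': bool(first_octet & 0x02),
        })
    return rows

def lookup_targets(rows):
    """Addresses worth a vendor lookup: globally administered ones only."""
    return [r['mac'] for r in rows if not r['local']]

if __name__ == '__main__':
    for row in parse_macs(SAMPLE):
        print(row)
```

Feeding only the result of `lookup_targets` to the query loop avoids repeated requests for the same address and requests that cannot return a meaningful vendor.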