Get-MACVendor using Powershell


Introduction:

Yesterday while troubleshooting a network issue, I realized that if I can know the vendor of a MAC Address, then I could understand if it’s a Dell Router, a VMWare virtual NIC or a Dell server then maybe it will make life a bit easy, like in the following example.

3

The Idea and Making it work:

    1. MAC addresses are stored/burned on the device during the manufacturing process and are designed to not to be modified.The first 6 digits (24 bits) of a MAC Address is called as ‘Prefix’, which are Manufacturers bits registered in IEEE database unique to a vendor, somewhat like in below format –

      3

      and next 6 digits are Device unique identifiers, following are 3 formats used to represent a MAC address –

      • MM:MM:MM:SS:SS:SS
      • MM-MM-MM-SS-SS-SS
      • MMM.MMM.SSS.SSS

      So if my MAC Address  is ’48-4D-7E-E6-A8-47′ then the first 6 digits (Prefix) can be easily extracted like
      3

    2. Now I want the list of Vendors registered for every such Prefix, but how to get it?
      Ok, during my graduation days we read somewhere that MAC prefixes are registered at IEEE (Institute of Electrical and Electronics Engineers), So how about checking their website first.

      After some searching on their website, I found MACAddress OUI (Organisationally Unique Identifier) file with Vendor-Prefix mappings in a CSV format and I downloaded it.

    3. Once you have the information, filter out all unnecessary things and store them in a CSV or JSON format, so that it can be easily uploaded/downloaded from a Publically accessible Github repository.

      I scoured and sanitized the file to reduce the size by 3 times so that it’s quicker in downloads and Lookups. Later uploaded it in CSV format to a public GitHub repo here, from where it could be downloaded to any machine.

    4. Write a Powershell function that can
      • Web request above mentioned public Github URL and downloads the content in a reference file.
      • Look up the MAC prefix from the content of reference file, and display the respective Vendor/Organization

        Following is the PowerShell function to get above done


        <#
        .SYNOPSIS
        Find MAC Address Vendors
        .DESCRIPTION
        Lookup Vendor of MAC Address regsitered on IEEE.org (Institute of Electrical and Electronics Engineers) database
        .PARAMETER MACAddress
        MAC address to lookup
        .EXAMPLE
        PS > Get-MACVendor -MACAddress "dc-4a-3e-81-d0-66","d4-81-d7-c4-34-43","48-4d-7e-e6-a8-94"
        MACAddress ManufacturerName
        ———- —————-
        dc-4a-3e-81-d0-66 Hewlett Packard
        d4-81-d7-c4-34-43 Dell Inc.
        48-4d-7e-e6-a8-94 Dell Inc.
        .EXAMPLE
        PS > "18-DB-F2-48-51-F6","58-FB-84-C1-31-26","dc-4a-3e-81-d0-66","00-50-56-C0-00-01","00-50-56-C0-00-08" | Get-MACVendor
        MACAddress ManufacturerName
        ———- —————-
        18-DB-F2-48-51-F6 Dell Inc.
        58-FB-84-C1-31-26 Intel Corporate
        dc-4a-3e-81-d0-66 Hewlett Packard
        00-50-56-C0-00-01 VMware, Inc.
        00-50-56-C0-00-08 VMware, Inc.
        .NOTES
        General notes
        #>
        Function Get-MACVendor {
        Param(
        [Parameter(
        Mandatory = $true,
        HelpMessage = 'MAC Address to lookup',
        ValueFromPipeline = $true,
        Position = 0
        )]
        [ValidateNotNullOrEmpty()]
        [string[]] $MACAddress
        )
        Begin{
        $TempFileName = "$env:TEMP\MACReference.csv"
        If(Test-Path $TempFileName){
        $Data = Import-Csv $TempFileName
        }
        else{
        $Data = Invoke-WebRequest 'http://goo.gl/VG9XdU&#39; | `
        ForEach-Object content | `
        Tee-Object -FilePath $TempFileName -Verbose | ConvertFrom-Csv
        }
        }
        Process
        {
        Foreach($MAC in $MACAddress){
        $Data.where({($MAC.replace(':','').replace('-','')[0..5] -join '') -in $_.assignment.split(' ')}) | `
        Select-Object @{n='MACAddress';e={$MAC}}, ManufacturerName -OutVariable Output
        If(-not $Output)
        {
        Write-Error "Couldn't find Manufacturer information for $MAC"
        }
        }
        }
        End{
        Remove-Variable -Name Data; [gc]::Collect()
        }
        }

        view raw

        Get-MACVendor.ps1

        hosted with ❤ by GitHub

         

         

    5. Make sure when the Powershell function runs for the first time, it creates a local copy of content in a File at a static location, which could be accessed to get MAC vendor prefix information locally for all Future function calls by avoiding the Web request which is slower.I Took care of Local copy part in my PowerShell function like in the screenshot below

      3

Running the Function:

You can run the function like in the below screenshot.

mac

Please Note –

  • The First call to the function would be slow, but from the next call, you have a local copy of the CSV file on your machine, which can be queried comparatively much faster to web requests.
  • There are many Web API’s available that can provide exactly the similar results, but you’ve to agree its fun and learning in creating your own solutions.

Hope you’ll find the script useful and Thanks for reading, Cheers! 🙂

signature

6 thoughts on “Get-MACVendor using Powershell

Leave a comment