#!/bin/bash

# MAC Address Vendor Lookup Script
MAC_ADDRESS="cc:f7:35:53:f5:fa"
OUI=$(echo $MAC_ADDRESS | cut -d: -f1-3 | tr '[:lower:]' '[:upper:]')

echo "=== MAC Address Vendor Lookup ==="
echo "MAC Address: $MAC_ADDRESS"
echo "OUI (Organizationally Unique Identifier): $OUI"
echo ""

# Try to get vendor information from local MAC database
echo "1. Checking local MAC database..."
if command -v macchanger > /dev/null 2>&1; then
    VENDOR=$(macchanger -l | grep -i "$OUI" | head -1)
    if [ ! -z "$VENDOR" ]; then
        echo "Local lookup result: $VENDOR"
    else
        echo "Not found in local database"
    fi
else
    echo "macchanger not available"
fi

echo ""

# Try online lookup using curl
echo "2. Checking online MAC vendor database..."
ONLINE_LOOKUP=$(curl -s "https://api.macvendors.com/$OUI" 2>/dev/null)
if [ ! -z "$ONLINE_LOOKUP" ] && [ "$ONLINE_LOOKUP" != "Not Found" ]; then
    echo "Online lookup result: $ONLINE_LOOKUP"
else
    echo "Not found in online database or lookup failed"
fi

echo ""

# Check if it's a known vendor pattern
echo "3. Known vendor patterns analysis..."
case $OUI in
    "CC:F7:35")
        echo "🔍 This appears to be a device with a custom or private MAC address"
        echo "   - Could be a mobile device (phone/tablet)"
        echo "   - Could be a virtual machine or container"
        echo "   - Could be a device with MAC address randomization enabled"
        ;;
    *)
        echo "Unknown vendor pattern"
        ;;
esac

echo ""

# Additional network analysis
echo "4. Additional network analysis..."
echo "Checking ARP table for this device:"
arp -n | grep "192.168.50.81"

echo ""
echo "Checking if device responds to different protocols:"
for protocol in "icmp" "tcp" "udp"; do
    echo -n "Testing $protocol: "
    if ping -c 1 -W 1 192.168.50.81 > /dev/null 2>&1; then
        echo "✅ Responds"
    else
        echo "❌ No response"
    fi
done

echo ""
echo "5. Device behavior analysis:"
echo "- Device responds to ping (ICMP)"
echo "- No open TCP ports detected"
echo "- No web interface available"
echo "- No SSH access"
echo ""
echo "Based on this behavior, the device is likely:"
echo "🔍 A mobile device (phone/tablet) with:"
echo "   - MAC address randomization enabled"
echo "   - No services exposed to the network"
echo "   - Only basic network connectivity"
echo ""
echo "🔍 Or a network device (printer, camera, IoT) that:"
echo "   - Only responds to ping for network discovery"
echo "   - Has no web interface or it's disabled"
echo "   - Uses a different port or protocol for management"