Using C I am trying to discover the IP of a locally connected device without knowing any information about the device.
[ my box ]--eth0--------------[ unknown device ]
I can't seem to find a way to arp/broadcast to get the IP of the device. I understand that if I use multicast the device itself has to be a member of the group. When I arp or arp-scan they ask me to assign my eth0 interface an IP but I don't have one assigned, I can put one if I need to but I am unsure what it needs to be set to in order to discover anything.
Example: I have a Linksys wireless IP camera and I want to find the IP/Subnet. Without knowing its subnet/netmask I wouldn't know what to set my eth0 to.
I have written a C program to parse the arp table in Linux but I cannot seem to get the IP from the locally connected device in it. As mentioned above, I cannot use these tools without setting eth0 to something.
I think Your best chance to find something is by capturing all incoming network traffic, especially while unknown device is booting (using tcpdump, wireshark or something similar). Just filter out traffic, which is sent from my box.
Most likely You'll see DHCP requests and maybe ARP requests. If device is using DHCP, the easyest solution would be to run DHCP server on eth0 (so You can assign IP to this device).
If for some reason You need to program in C (and network capture gives expected results), libpcap may be usefull.
If evrything else fails, You can try to dicover unknown IP using fake ARP packets (so You don't need to change IP on eth0) and capturing any responses.
Related
I want to send a packet to another machine but with a different MAC address in the ethernet header. For this I am using raw sockets in C and creating my own ethernet header so that I can set the source MAC as desired. The trouble is that I am not sure what destination MAC address to fill in the header. I know the IP of the destination machine but not the MAC. Even if I knew, I don't want to hardcode this MAC.
One option I see is that my machine would know the MAC in its ARP table and I could read it and get the MAC address and fill it in. But doing this before sending each packet is overhead. I could read it once and keep using but what if some day the destination machine gets replaced. The admin would assign the same IP address to the new machine but the MAC address would be different. Probably when the new machine boots up, it would send a Gratuitous ARP and my machine would update its ARP table. But my program wouldn't know this. My program would keep sending packets with old MAC.
I feel I am missing something very basic. Thoughts?
What you are seeing here is the same problem that everyone faces, who tries to implement a network stack.
You have several options:
If the packet is a reply packet, then just use the MAC address of the from address
You can maintain an own arp-table and send a arp request if the entry in your table is missing or outdated. Parse arp replies and update your table accordingly. Packets to be sent without a valid arp table entry have to be queued. This is the most elegant, but also a very demanding option.
You can simply send the packet to the MAC of your local router. It will forward the packet to the correct host specified in the IP header. If your local router employs protocols like vrrp, hsrp or gblp, then the MAC address is always the same and doesn't change, even if your router is replaced.
You can read the MAC address from /proc/net/arp or with ioctl(SIOCGARP, ...);, but the entry for the IP you are looking for might not be present, if your host hasn't tried to communicate with it recently. You could, of course, send a dummy packet with sendto(); to that host before reading the arp table.
If you describe in more detail what you are planning to do, the suggestions might get better.
You can set the MAC address for the device with SIOCSIFHWADDR ioctl request. The manual for netdevice is a good starting point for this.
I know one IP address of the remote node via. traceroute. However, I want to know all the IP address in its interfaces. How can I do so? The node doesn't have hostname so I can't use the API to get various ifaddress using hostname API. I searched various places but couldn't find on how to get the various IP address of the remote node. Is it possible to get it? Basically, I am implementing traceroute and my aim here is to display the loopback address of the intermediate node and not the actual interface address. In case loopback address is not available, I would like to display the actual interface address. I am struggling here and have no clue on it. This is all implemented using C - linux, UDP socket.
I want to know all the IP address in its interfaces. How can I do so
Lookup DNS or login in and use the OS dependant tools/APIs to lookup the local interfaces' IP addresses, else you are lost.
Technically if you are on the same network you could use the macid, and sniffing network traffic, to find other IPs on that interface, but once you leave your local network, its near impossible to find out other ips that machine is listening to, this would be a security issue if they made this information available.
The way traceroute works is by sending packets with increasing IP TTL values towards a remote address and the routers along the way will generate back ICMP TTL time exceeded thus revealing their IP source address back to the sender and so you get to know the hops that your data might be traversing when attempting to communicate to a specific remote address. The icmp error message will contain the ip address of the hop's incoming interface and in your case you want to discover also all other ip addresses assigned to further outgoing interfaces (outgoing as seen from your sender perspective) but this is not possible by using the above mentioned technique or any other.
just as title says.
Let's assume this situation:
I have a network and I need to know IP adresses and everything else related of all computers connected to mantain socket sending via Winsock under Windows.
Is there better way than looping throught IP Adresses range and sending something like:
"Are You there?" and waiting for answer from client?
Performing an ARP scan would tell you which devices are active on the network, regardless of device type or operating system. So this would include PCs, laptops, phones, routers, and any other devices with a NIC. This is the most reliable way of scanning for live hosts on a network.
ARP is the protocol that translates IP addresses into MAC addresses, or vice versa. It allows routing devices to translate between the logical network and the physical network. When you send a packet to, say, 192.168.1.99, your system first sends out an ARP request for 192.168.1.99, saying something along the lines of "Who has 192.168.1.99? Tell [my MAC]". Other devices on the network see this packet, and the owner of that IP address will reply "Hi [MAC], I'm 192.168.1.99, my MAC is 00:12:34:56:78:90".
You can (ab)use this protocol to discover network devices. If you know you're on 192.168.1.x, you send ARP requests for 192.168.1.1 through 192.168.1.254, and record the results. Every reply you get indicates a live system at the defined IP address.
Keep in mind that not all your users will be on 192.168.1.0/24, so you'll need to check the current network configuration first.
As far as doing this in C goes, it's not a simple task. However, you can take a look at this example which implements ARP scanning.
An alternative to the ARP scan suggested by #Polynomial is the PING scan.
Same concept, PING each address in your subnet, and record the results.
Just as an ARP scan may give you false positives (because there is a router saying "I'll deal what that address" whether there is a device on it or not), so too, PING can give you false negatives (as some systems disable the ICMP/PING command).
There is a tool called fping that implements this kind of PING scan in a massively parallel way. Fping is originally a *NIX program, but there are Windows versions out there. You should be able to find the source to peruse if you want to learn the gory details.
I am trying to find out mac address of a machine in a switched environment after sending it a raw packet. I am trying to implement traceroute command . I want to know when i receive a ICMP time exceeded message how can I extract the mac address of that machine . I am a new to network programming so am confused what socket call will help me to extract the mac address.
Thanks .
No, you can not extract MAC address from ICMP reply.
You can only determine MAC addresses of linked machines next to you. In ICMP(tracert) you can just find out the IP address of target or middle machine.
If you want to detect MAC addresses, you should use ARP protcols where it's applicable in local networks not Internet.
ICMP protocol starts after IPv4 header[1] and MAC addresses is related to physical/link layer. In low level layers the MAC addresses will transparent from top level layers such as network(IP) or Transmission,...
To determining MAC addresses, you should use Raw sockets or PCAP SDKs to access lower layers of network programming. (I say again, these are not useful over Internet)
Like Masoud M said, you can only get the MAC address of machines that are on your local network. That said, you can parse the output the arp command to find the MAC address given the IP address of a machine one your local network.
In general, on internet, you don't even know the media a host is using for transmitting packets. Let's suppose a remote host is conected over a serial rs-232-C link with PPP protocol. It doesn't have a mac address. This also happens for example if the host uses a token ring interface or frame relay link. This makes determining the remote mac addresses of hosts a local issue completely. Normally, when you get a packet from a remote site over ethernet, the source mac addres you get in the packet is the one of the last router that links you to the internet, not the one of the original host that sent the IP packet. In the RFC on IP over avian carriers (rfc1149, rfc2549 and rfc6214) the media used for transmission doesn't allow to use mac addresses (the link address, if somewhat feasible on a pidgeon could be, would be its name)
If you want to read about traceroute on ethernet network of switches, perhaps you had to have a look at the IEEE802.1ag, that has an specification to do tracerouting over switches (tracelink service) but I think is far over the scope of this answer.
If I use arp and arping on machines in my local network I get the mac addresses from them. In the same way I can construct and send a ARP request and collect the response to these machines. This is used since I build raw packets completely from scratchy (to allow spoofing of every possible field, including mac addresses if needed). But, when I try arping or arp on external ip's and hosts such as google.com it doesn't get any reply. What should the destination mac address be set to when sending packets to targets outside my local network? I guess the router since that's what passes it on... am I correct? Is there a quick way in ANSI C to collect the mac address of the router in use by the computer? Or at least the IP so I can send a ARP request to it.
Thanx in advance
MAC operations are limited to machines directly connected within your subnet. So you should use the router's MAC address for packets intended for hosts outside your subnet.
There are numerous ways to obtain the router's IP address.
You can parse the configuration files on your local host if the interface is statically configured.
You can see if your compute platform has an API that lets you access the interface configuration information directly. This would work in both static and dhcp cases.
You can write socket code to send an ICMP message to an outside address then parse the incoming responses. They will be from the router. The stack will, in this case, find the router for you.
It should be set to the gateway (assuming ethernet on that link...).