From owner-freebsd-net@FreeBSD.ORG Wed Aug 13 04:35:48 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2CD6F37B401 for ; Wed, 13 Aug 2003 04:35:48 -0700 (PDT) Received: from raven.ravenbrook.com (raven.ravenbrook.com [193.82.131.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id BBBCA43F75 for ; Wed, 13 Aug 2003 04:35:46 -0700 (PDT) (envelope-from nb@ravenbrook.com) Received: from thrush.ravenbrook.com (thrush.ravenbrook.com [193.112.141.249]) by raven.ravenbrook.com (8.12.6/8.12.6) with ESMTP id h7DBZhuL043105 for ; Wed, 13 Aug 2003 12:35:43 +0100 (BST) (envelope-from nb@ravenbrook.com) Received: from thrush.ravenbrook.com (localhost [127.0.0.1]) by thrush.ravenbrook.com (8.12.9/8.12.9) with ESMTP id h7DBXDnH065627 for ; Wed, 13 Aug 2003 12:33:13 +0100 (BST) (envelope-from nb@thrush.ravenbrook.com) From: Nick Barnes To: freebsd-net@freebsd.org Date: Wed, 13 Aug 2003 12:33:13 +0100 Message-ID: <65626.1060774393@thrush.ravenbrook.com> Sender: nb@ravenbrook.com Subject: Translate MAC address to IP address X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Aug 2003 11:35:48 -0000 [-net seems to be the right forum for this.] I have some MAC addresses from a local Ethernet segment. I want to convert them into IP addresses. How can I do that programmatically? (i.e. not "ping likely candidates and then eyeball the arp -a output"). I'm prepared to burn hundreds of packets, and possibly wait a few seconds, to get the result. I understand that the mapping may be dynamic, especially in the presence of DHCP etc, and I'm prepared to put up with that; a "best guess" is far better than nothing at all (and in fact on my local network the mapping is pretty static). This is on 4.8-STABLE. Background: I have written a small utility for traffic volume monitoring on an Ethernet segment. It uses libpcap to capture the ethernet header of every packet and counts traffic volume by source and destination MAC. A bit like a lobotomized tcpdump (and indeed that is what I started with). Currently the report looks like this: Per-MAC: out out in in packets bytes packets bytes ff:ff:ff:ff:ff:ff: 0 0 4 240 00:07:e9:db:2a:26: 71 5435 127 70958 00:02:b3:33:37:0f: 389 290734 331 38761 00:90:27:ed:3c:70: 33 15909 30 4105 00:50:fc:01:f4:0e: 7 1648 5 717 00:d0:b7:ac:99:87: 142 15184 153 105835 00:03:47:fa:fb:5b: 105 15832 98 115895 00:07:e9:92:c0:76: 28 3221 27 11452 Per-header: packets bytes 00:90:27:ed:3c:70 -> 00:d0:b7:ac:99:87: 7 4798 00:d0:b7:ac:99:87 -> 00:90:27:ed:3c:70: 6 689 00:90:27:ed:3c:70 -> 00:02:b3:33:37:0f: 6 513 00:02:b3:33:37:0f -> 00:90:27:ed:3c:70: 6 1273 00:02:b3:33:37:0f -> 00:07:e9:92:c0:76: 7 854 00:07:e9:92:c0:76 -> 00:02:b3:33:37:0f: 8 958 00:02:b3:33:37:0f -> 00:07:e9:db:2a:26: 127 70958 00:07:e9:db:2a:26 -> 00:02:b3:33:37:0f: 71 5435 00:d0:b7:ac:99:87 -> ff:ff:ff:ff:ff:ff: 2 120 00:50:fc:01:f4:0e -> 00:02:b3:33:37:0f: 7 1648 00:02:b3:33:37:0f -> 00:50:fc:01:f4:0e: 5 717 00:02:b3:33:37:0f -> 00:d0:b7:ac:99:87: 146 101037 00:d0:b7:ac:99:87 -> 00:02:b3:33:37:0f: 134 14375 00:07:e9:92:c0:76 -> ff:ff:ff:ff:ff:ff: 2 120 00:90:27:ed:3c:70 -> 00:07:e9:92:c0:76: 20 10598 00:07:e9:92:c0:76 -> 00:90:27:ed:3c:70: 18 2143 00:03:47:fa:fb:5b -> 00:02:b3:33:37:0f: 105 15832 00:02:b3:33:37:0f -> 00:03:47:fa:fb:5b: 98 115895 total: 775 347963 I would like to be able to report by IP address. Yours, Nick Barnes Ravenbrook Limited