Date: Wed, 13 Aug 2003 13:22:56 +0100 From: Nick Barnes <Nick.Barnes@pobox.com> To: Mitch Collinsworth <mitch@ccmr.cornell.edu> Cc: freebsd-net@freebsd.org Subject: Re: Translate MAC address to IP address Message-ID: <65997.1060777376@thrush.ravenbrook.com> In-Reply-To: Message from Mitch Collinsworth <mitch@ccmr.cornell.edu> <Pine.LNX.4.51.0308130808520.20273@saruman.ccmr.cornell.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
At 2003-08-13 12:13:24+0000, Mitch Collinsworth writes: > > If you ping the broadcast addr you will (should) get a reply from > all hosts. This will give you a full arp table that can be > grep'd programatically. The only hitch is that it's possible for > someone to put a firewall or other custom setup on a machine to > prevent it from replying to ping. A good idea, except that a lot of OSes these days are configured to ignore broadcast pings. That includes FreeBSD, by default (although you can change it with the net.inet.icmp.bmcastecho sysctl). This is because forged broadcast pings were used as DoS attack amplifiers. The only two machines on our office subnet which respond to a broadcast ping are a PC running Windows NT4 and an HP LaserJet printer. I get nothing back from machines running Windows XP, FreeBSD 4.x, and Mac OS X. > Another way would be to decode packets to read the IP from address. > Not sure if tcpdump has that ability or it it would take some > coding. I've always done it with arp myself. I could do that, but on the subnets I'm interested in, the IP addresses in most of the packets aren't local to the subnet (most of the machines on it are routers of one sort or another). Nick B
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?65997.1060777376>