Translate MAC address to IP address
Nick Barnes
Nick.Barnes at pobox.com
Wed Aug 13 05:25:32 PDT 2003
At 2003-08-13 12:13:24+0000, Mitch Collinsworth writes:
>
> If you ping the broadcast addr you will (should) get a reply from
> all hosts. This will give you a full arp table that can be
> grep'd programatically. The only hitch is that it's possible for
> someone to put a firewall or other custom setup on a machine to
> prevent it from replying to ping.
A good idea, except that a lot of OSes these days are configured to
ignore broadcast pings. That includes FreeBSD, by default (although
you can change it with the net.inet.icmp.bmcastecho sysctl). This is
because forged broadcast pings were used as DoS attack amplifiers.
The only two machines on our office subnet which respond to a
broadcast ping are a PC running Windows NT4 and an HP LaserJet
printer. I get nothing back from machines running Windows XP, FreeBSD
4.x, and Mac OS X.
> Another way would be to decode packets to read the IP from address.
> Not sure if tcpdump has that ability or it it would take some
> coding. I've always done it with arp myself.
I could do that, but on the subnets I'm interested in, the IP
addresses in most of the packets aren't local to the subnet (most of
the machines on it are routers of one sort or another).
Nick B
More information about the freebsd-net
mailing list