I would like to get the list of all the active IP devices in a network using C.
I will explain my problem with an example.
example: I have 5 devices in a network with the IP ranging from
device 10.0.0.2
device 10.0.0.3
device 10.0.0.4
device 10.0.0.5
device 10.0.0.6
From my application I would like to get this list. My platform is Linux and I am using C. Currently I am not using any networking libraries. If some libraries provide such utilities I am one to use the same.
Please advice on the same.
There is no super fast direct logic for knowing which IP-addresses are online, but there are tricks that can be used.
The most common that does not require anything special is just to trying to connect to each host using TCP, on the service you expect.
Another technique can be do send out ICMP ping first, but not all OS'es answer to ping with default settings etc.
Last technique that can be used (that only works for local networks, not via gateway), is that after you try to send the ping, look at the ARP table. If a valid ARP entry exists, the host is online, even if no ping reply has been received.
You can use nmap (note /24 for the subnet mask, and -sn flags for the quick Ping Scan), as stated in the https://www.howtogeek.com/423709/how-to-see-all-devices-on-your-network-with-nmap-on-linux/
sudo nmap -sn 192.168.4.0/24
You can also do a broadcast ping but nmap gives you much more details:
ping 192.168.178.255 -b
Related
As a project I have a physical firewall (IP: 10.0.0.2) with a SPAN port configured to a physical linux (CentOS 6) (IP: 10.0.0.3) on which I am running Suricata IDS.
Theoretically I should receive all the traffic to the box through an interface I called "span0". I can confirm this by running ifconfig and see traffic. So all good.
When running Suricata as follows: sudo suricata -c /etc/suricata/suricata.yaml -i span0 | I am not getting any errors. Also good.
The question here is how to configure the suricata.yaml file.
Should I have the HOME_NET on 10.0.0.2 or on 10.0.0.0/8?
Looking forward to hear your feedback, Jan (Honza) Novak
I am not a great IDS setup specialist, but I would suggest that the configuration depends on the network setup.
If the firewall simply broadcasts everything through itself, then you should choose 10.0.0.0/8 to protect the entire network. On the other hand, with this setting, events within the network may go unnoticed.
If NAT is configured, then I would suggest choosing 10.0.0.2 to track possible malicious activity both outside and inside the network.
Is it possible to ping mininet ip? I found mininet's ip starts with 10.0.2.15 . I can ping from mininet to others. However, I failed to ping other place to mininet. How can I setup this?
10.0.0.0/8, which is 10.0.0.0 - 10.255.255.255 are IP addresses used only locally, they are not accessed from the internet (other networks). Here is some info from IANA:
These addresses are in use by many millions of independently operated networks, which might be as small as a single computer connected to a home gateway, and are automatically configured in hundreds of millions of devices. They are only intended for use within a private context and traffic that needs to cross the Internet will need to use a different, unique address.
These addresses can be used by anyone without any need to coordinate with IANA or an Internet registry. The traffic from these addresses does not come from ICANN or IANA. We are not the source of activity you may see on logs or in e-mail records.
I have a RHEL client machine which has to get data from the RHEL server machine at the time of booting up.
The IP address of the server is known.
The gateway which has to be used by the client machine is known.
The client machine has multiple network interfaces. All may not be up at the same time or all may be connected to different networks.
I need to determine which network interface has to be used.
I know that this can be easily done using the "ping" or "traceroute".
The issue is ICMP protocol is disabled both at the client end as well as the server end.
ICMP has been disabled due to security concerns.
ICMP may be disabled at machine level or it may be disabled for the whole network.
In otherword, I need to find a way that can give me if two ip's are communicating if ICMP is disabled.
Also, I have to use this result in my script, which I am writing in bash, to set the network of the client machine.
What is the best possible way to achieve this?
You can ping the ip with ARP try using arping command
For the sake of simplicity, I will refer you to http://en.wikipedia.org/wiki/Berkeley_sockets and the UDP server and client source code there.
I am trying to send a packet using UDP protocol to a linux VirtualMachine server program. Both my host and VM ping well; all packets sent are received in both directions. However my server program is either not receiving any packets, or it is simply not printing. Either way, it isn't printing the confirmation or contents of any packets I send to it from the host.
I do not have another PC handy, but both programs communicate well enough if I stage them on the same computer and Wireshark reports that the packets are being sent.
Mine is a three part question: first, how can I fix this. Second, why would the host and VM receive each others ping messages, but not pass these on to the open sockets of both ends of my UDP system? Finally, do you have any suggestions about the form or intent of this question?
EDIT: I've tried running my VM with the NAT and bridged adapter network setups. However, I can't conceptualize the relationship between those setups and my problems right now.
With NAT networking, the VM gets a private IP address (usually 192.168.x.y) and the host does NAT translation of outgoing packets, and translates reply packets back to the VM. In this mode, all communication must be initiated by the VM -- outside machines can only send packets to the VM in reply to packets the VM sent to them. On the network, the packets will look like they're coming from/going to the host on some unrelated port.
With bridged networking, the VM gets a device that connects directly to the host's network device. In this mode, the VM appears as a separate machine on the same network LAN as the host, with its own IP address. You need to allocate an IP address for it, the same as the host get allocated an IP address (usually via DHCP).
In either case, to debug what is going on, use tcpdump/wireshark on the host to monitor the host's network device. Send packets from the VM, and you should see them in the trace -- they'll appear to come from the host and a different port in the NAT case, and will appear to come from the VM's IP address (and unchanged ports) in the bridged case.
Once you see that, you should be able to send packets back to the VM, though in the NAT case, they must come FROM the address/port the original packet(s) were sent to.
There are known issues with VirtualBox bridged networking not working properly on wifi devices; in general you can only use bridged networking with wired networks.
Oracles VB manual page clear all the terminology used in settings.
I've had similar problem, where my VB program didn't receive any packets, which I solved by setting "Bridged Networking" and setting up proper source/destination IP address in my program by analyzing WLAN interface with wireshark and using ifconfig (or ipconfig) in terminal.
What you have:
bond (bond0) interface (all modes except 4) with at least 2 ifaces (say eth0 / eth1) connected on the same external switch
bond0 interface joined on a software bridge (br0)
virtual machine (vm0) (eg LibVirt::LXC) with an interface on br0
What you get:
vm0 is not able to connect to (most) IP addresses via bond0 over br0
"bond0: received packet with own address as source address" in syslog
Why you get this:
When vm0 wants to contact an external IP address it will send out an ARP request. This L2 broadcast with the source mac of vm0 will leave through (depending on bonding mode) eg eth0, but via the external switch, re-enter through eth1 and thus bond0. Hence the switch br0 will learn the mac-address of vm0 on the port connected to bond0. As a consequence the ARP-reply is never received by vm0.
What can you do to resolve:
The reason I post this, next to sharing the info, is that I wasn't able to figure out a good enough solution. Those I did find are:
On vm0 set static ARP entry
Use bond0 mode=4 but your external switch must support this
Configure your external siwtch to use private VLAN on eth0/eth1 but only works in some use-cases and adds complexity
Add both physical interfaces to the bridge with spanning tree enabled, instead of using bond driver
Statically configuring the MAC of vm0 on the correct port of br0 is not an option on Linux (works on OpenBSD though)
I'm really hoping for a more elegant solution here... Anyone?
Thanks
I've got the same problem and I come up with the same analysis.
The only non-invasive/scalable solution I've found is to use the active/backup bonding (mode 1). The tradeoff is that you lose the aggregation.
IMO, the best solution is to use 802.3ad, but I can't always use it because I'm limited with 6 port-channels on most of my switches.
Try these options in bridge:
brigde_fd 0
bridge_stp off # switch on with more system like this
bridge_maxage 0
bridge_ageing 0
bridge_maxwait 0
Taken from this thread:
kvm bridge also in proxmox