Suppose I have the following situation. I have a Linux box sitting inside a local network, and that box will periodically ping the ip addresses of other devices on the network to make sure they are up. Also assume I know the MAC addresses of these devices, which I obtained via ARP at some point in the past. Now assume that one of the devices goes down and when it comes back up it is assigned a new ip address. How can I modify my periodic ping check to ping the new ip address? Yes I know I can check the arp table on my Linux box to get the new ip address if the record exists. But what guarantee do I have that the arp able on that box has been updated properly? Is there any way to quckly force the arp table on my Linux box to update and somehow find the new ip address for the known mac address?
My initial thoughts would be to disable DHCP and set these addresses statically unless it is critical that they cycle through different addresses.
Related
Is it possible to ping mininet ip? I found mininet's ip starts with 10.0.2.15 . I can ping from mininet to others. However, I failed to ping other place to mininet. How can I setup this?
10.0.0.0/8, which is 10.0.0.0 - 10.255.255.255 are IP addresses used only locally, they are not accessed from the internet (other networks). Here is some info from IANA:
These addresses are in use by many millions of independently operated networks, which might be as small as a single computer connected to a home gateway, and are automatically configured in hundreds of millions of devices. They are only intended for use within a private context and traffic that needs to cross the Internet will need to use a different, unique address.
These addresses can be used by anyone without any need to coordinate with IANA or an Internet registry. The traffic from these addresses does not come from ICANN or IANA. We are not the source of activity you may see on logs or in e-mail records.
In wireshark I can see Membership Query, general IGMPv2 requests coming over and over from 0.0.0.0 source which suggests ( according to RFC ) machine that hasn't received address yet. My question is how in Linux environment I can find such machine. This query triggers many answers and causes significant network communication slowdown.
When a machine is connected to a network for the first time, it will try to find the DHCP servers in order to get an IP address configuration. Untill then, as you already said, it has no IP address and the only identifier it has is it's MAC address, which is used to keep a comunication alive while it negotiates with the DHCP server (during this period it does not have an IP address until the very last).
Answering your question, you'd find the machine you are looking for making use of the MAC address. If you are on a small network, a manual check (ifconfig) will do it but, if you are on a big one, you better check the ARP table of your switch(es) to have a better idea where it could be.
Background:
I'm trying to communicate with an IP camera without the need of a DHCP server. This is how the camera acquires an IP address:
Basic DHCP procedure (discover etc.)
If above should fail the camera has a fallback address of 192.168.0.90
The camera then starts the avahi-daemon and successfully gets a link-local address too for robustness
The IP aliasing is now done and the interface has two IPs.
Problem:
Now the problem is that when I avahi-browse to browse the services on the network, the camera replies with both IP addresses (checked with Wireshark).
Only one is shown by avahi and it could be the zeroconf:ed address or the fallback address.
I want the link local address only, not the fallback. Any reliable way to get it?
Old question but just in case someone else has the same problem:
Avahi will only return one of the IP addresses reported by the device. This seems to be a (debatable) design decision and is explained in this post of the avahi mailing list. So I'm afraid there's no reliable way to get only the link-local address, if you are using avahi-browse.
On a side note, RFC3927 section 1.9 specifically recommends NOT to configure both a routable address and a link-local address simultaneously for the same interface. But I do understand this is the camera's behaviour and probably outside your control.
I need to generate an Ethernet header that includes the destination MAC address, (since libnfnetlink gives only the IP header before prerouting takes place), the outgoing interface number is also known, so the lookup can be made in the correct network.
What's the library/function to resolve the MAC address from an IP address?
It's unclear why you need the MAC address, since that's usually handled for you at a lower level.
However, assuming your target is on your local Ethernet segment, you can use the arp command to look up values in the local cache. If the value is not cached... Well, that's a problem. Perhaps arping would help...
(Normally you'd send a packet to, for example, IP address 10.10.10.10, and your system would send an ARP packet out querying who-has 10.10.10.10, and a response would come back from that target system with its MAC address, and then it would be cached. (You can watch this happening with tcpdump.) Or when a system comes on line it would send out a broadcast message informing everyone else of its MAC address. Naturally, if your destination is on another Ethernet segment, you're routing to a gateway rather than directly to the destination, and no destination-MAC address is available.)
You might read further at:
http://linux.die.net/man/8/arp
http://linux.die.net/man/8/arping
http://linux.die.net/man/7/arp
http://www.kernel.org/doc/man-pages/online/pages/man7/arp.7.html
Obviously you can only find the MAC address for directly connected IP addresses, but there's no platform-independent way of doing it. On Linux, you can look in /proc/net/arp after sending something to the target to trigger the kernel to send the ARP.
Edit to add you could also use the SIOCGARP ioctl() though that just looks in the ARP cache, so it won't send an ARP if there isn't one already there.
Otherwise, you would have to craft your own ARP request packet. You could probably reuse a bunch of code from arping if you go that route.
You cannot in general get the MAC address from the IP address, and in fact as IP can run on data link protocols other than ethernet, some IP addresses have no corresponding MAC address.
The MAC address is only available and only relevant on the same ethernet segment. On that segment, it can be retrieved by an ARP request.
My application is running on CentOS 5.5
I need to send raw packets using libpcap API:
pcap_inject() or pcap_sendpacket()
To the specific IP address
How can I determinate MAC address belongs to a specific target?
It looks like what you want is ioctl and SIOCGARP. That should let you query your arp cache.
I'm assuming that the host in question is on your local network or all you're going to get is your router.
You can also read from /proc/net/arp, which seems easier. You'll need to get an arp request returned first but you'll be doing that whether your tool does it or some third-party makes the request.
In general, MAC addresses don't matter for remote targets. They are not routable; a router here at my office doesn't know the MAC addresses of network cards across the Internet. That's what IP addresses are for. Do you mean local only?