How to catch a PC online in the LAN? - linux

I need to know when a specific PC (whose IP and MAC I know) is plugged into the LAN. I want to avoid all polling mechanisms; is it possible under Linux to achieve this? Maybe by sniffing ICMP packets?
Thx

If you are in control of the gateway, you can just sniff traffic and see if there's any from/to that host (through MAC or IP address).
If not, things get complicated, and some sort of polling is needed in most cases - in a switched network, you generally won't see the traffic destined for another host; the surest way of checking "online-ness" would be ARP, possibly by using arping (or doing the ARP requests yourself and sniffing the traffic for ARP replies).
Note that neither of these approaches is "sure-fire" - with tools like powernap, (temporarily) offline hosts can appear to be online.
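Added example, not part of the original answer: one way to do the ARP sniffing described above in C without transmitting any probes. ARP requests are broadcast, so they reach every port of a switched LAN; the example assumes the target sends one after link-up, and the MAC in TARGET, the SAMPLE frame and the name arp_from_host are made up for illustration.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>   /* ETH_P_ARP */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical MAC of the PC to watch for (locally administered range). */
const unsigned char TARGET[6] = {0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc};

/* Constructed sample for checking the parser offline: gratuitous ARP request. */
const unsigned char SAMPLE[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0xaa,0xbb,0xcc, /* dst, src */
    0x08,0x06, 0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x01,  /* ARP hdr, op=request */
    0x02,0x00,0x00,0xaa,0xbb,0xcc, 192,0,2,10,         /* sender MAC, sender IP */
    0,0,0,0,0,0, 192,0,2,10                            /* target MAC, target IP */
};

/* Returns 1 and fills ip_out when the frame is an Ethernet/IPv4 ARP packet
   whose sender hardware address is mac; returns 0 for anything else. */
int arp_from_host(const unsigned char *f, size_t len,
                  const unsigned char mac[6], char ip_out[16])
{
    /* Bytes 12..19: EtherType 0x0806, htype 1, ptype 0x0800, hlen 6, plen 4. */
    static const unsigned char hdr[8] = {0x08,0x06, 0x00,0x01, 0x08,0x00, 6, 4};
    if (len < 42 || memcmp(f + 12, hdr, 8) != 0)   /* 14 Ethernet + 28 ARP */
        return 0;
    if (memcmp(f + 22, mac, 6) != 0)               /* sender hardware address */
        return 0;
    snprintf(ip_out, 16, "%d.%d.%d.%d", f[28], f[29], f[30], f[31]);
    return 1;
}

int main(void)
{
    unsigned char buf[1514];
    char ip[16];
    int s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP)); /* ARP frames only */
    if (s < 0) { perror("socket"); return 1; }
    for (;;) {                    /* blocks in recv(): nothing is transmitted */
        ssize_t n = recv(s, buf, sizeof buf, 0);
        if (n < 0) { perror("recv"); return 1; }
        if (arp_from_host(buf, (size_t)n, TARGET, ip)) break;
    }
    printf("target is on the LAN, claims IP %s\n", ip);
    close(s);
    return 0;
}
```

Run it as root or with CAP_NET_RAW. ARP sender addresses are unauthenticated, so a match shows that some host claimed that MAC, not which physical device sent the frame.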

You can use Nmap to scan your network with a simple ping type scan to see what hosts are online and not. This is a polling mechanism, but unless you can program the routers/switches in your network to tell you when MAC or IP address XYZ has started sending traffic, I don't know of any other way to do this.

Related

Is there a map of the IPv4 internet?

Sorry for my poor title, but I don't know how to express my intention.
In IPv4 there are 2**32 addresses, right?
And then if I send 1024 packets per second, I could check all the devices on the internet in 1165 hours to create a map of the internet. With it I want to make a topology of the internet.
It's not that bad; if I go with multiple computers like Raspberry Pis it would be faster.
If it's not me but some organization or people with enough time, they could even scan all the ports of all the devices on the internet!
Is my thought a daydream? Or has somebody already done it? Please let me know! I'm curious.
If you are interested in the actual physical location of an IP address, then there are many compiled sources already available, like the one here for free. Some are more accurate (commercial ones) than others.
If you just want to know if an IP address is alive or what services are available then you are out of luck as many of these "public" IP addresses are only accessible from whitelisted sources and/or heavily protected from folks like you trying to sniff around for profiling reasons.
If you would like to map out the topology of the Internet, you could get a view of the Autonomous Systems (collections of IP network addresses typically owned by ISPs or larger corporations) by looking at publicly accessible BGP looking glasses. BGP is the protocol that controls the routing of packets on the Internet. Please note that this is very dynamic and changes frequently due to the dynamic nature of path selection algorithms.

Route traffic from Windows to Linux (Kali)

I'm currently trying to route my internet traffic from my Windows laptop (192.168.1.73) to my other laptop running Kali Linux (192.168.1.64), both on the same network. The idea is the Linux laptop would anonymise the traffic sent, possibly hiding my IP in some way. I'm stuck on how exactly to go about this. I've tried using OpenVPN but to no avail.
192.168.1.x is not a public IP subnet, so both your computers are on the local network. So one or both already have a default gateway address for access to the Internet and other networks. If you want to route Internet traffic through the Windows laptop to the Linux computer, you have to set the Windows IP address as the default gateway for the Linux computer.
Then on Windows you have two options for giving Linux access to the Internet:
1. enable the routing functions and use Windows as just a router
2. use third-party software (like Wingate etc.) and use Windows as a NAT proxy
With the first option, the Linux IP address will be visible to the ISP's devices.
With the second option, the Linux IP address will be changed to the Windows IP address.
The first is very simple to manage. The second is harder.
But I don't understand why you want all this. If you want more security on the Internet, you can use https://www.whonix.org/wiki/Download and get the maximum security level.
I'd honestly trash this idea and use Tor browser instead, you will be 100% anonymous if you follow the guidelines on their website.
The Tor project:
https://www.torproject.org/
Tips on staying anonymous:
https://www.torproject.org/about/overview.html.en#stayinganonymous
Well, and if you seriously want to route the traffic to your Kali machine, use some built-in MITM tools (e.g. Arpspoof), but be aware that this will NOT make you anonymous to the outside (Internet).
Here is how you set up the MITM, but without the intercepting of traffic:
First, we need to forward all the traffic that the Kali machine receives to the internet
sysctl -w net.ipv4.ip_forward=1
Then you need to send the forged ARP replies
arpspoof -i [Network Interface Name] -t [Windows IP] [Router IP]
So it should look something like this; you can find the router IP by running the command ifconfig (look for "default gateway")
arpspoof -i wlan0 -t 192.168.1.73 192.168.1.1
Then it should be up and running, tunneling you through the Kali machine.

Is IPv6 send-to-self possible in linux

I am trying to create a setup for testing network equipment, and would like to use multiple (3) NICs in a single PC to produce traffic through an external device, i.e. a network switch. From one interface to another.
All of the tests are for IPv6 and ethernet. All NICs have link local and global IPv6 addresses with the same network/subnet prefix.
Atm. all packets are routed internally and never use the physical wire.
I see a lot of threads solving the problem for IPv4 using the net.ipv4.conf.all.accept_local parameter together with some routing table fixes. But I can't find a solution for IPv6.
Anyone know of a solution?

Local DNS in a standard DHCP LAN

Our customers are typical broadband home users, with a DSL Modem/Router which offers DHCP.
We want our device which is connected to the home LAN and has an embedded HTTP Server to be addressable with a domain name (www.mydevice.ip or something). In particular, we want to avoid that the user has to get the IP address and type it into the address bar of his browser.
What solutions are available?
Has the typical DHCP Modem a DNS included - how do you use it?
Could other services offer help (eg. Bonjour)?
You can use mDNS/DNS-SD using "avahi" daemon -- this should work on mac + linux hosts, and maybe for windows.
For Windows, you can set up SAMBA to get WINS name resolution.
A "typical DHCP Modem" is no standard so there is no default answer.
What you want, is that the modem works as a DNS cache (which is pretty much the default) and additionally add your own, static DNS entries that point to the IP of the entry.
How you achieve that depends on the router...

Doing ARP and Inverse ARP on Linux 2.6.21 (glibc 2.3.5)

I need to store a persistent reference to a third-party device on an arbitrary IP network where the IP address of the devices may be static or randomly assigned by DHCP. I don't control the devices on the network and I can't rely on DNS and other ad-hoc networking protocols existing or working with the devices.
So I have been instructed to investigate using hardware addresses and ARP. This will work but I don't want to duplicate code. The kernel must manage an ARP table. On Windows you can access it using GetIpNetTable etc.
I am hoping there is an API to answer these two questions:
How do I translate from IP to MAC address? (ARP)
How do I translate from MAC to IP address? (InARP)
If not then I may have to do it more manually:
How do I read the kernel's ARP table?
How do I add an entry if I have determined a mapping myself?
/proc/net/arp
K
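Added example, not part of the original answers: reading the kernel's IPv4 ARP table from /proc/net/arp in C and searching it in both directions (IP to MAC, and the MAC to IP lookup the question calls InARP). The name arp_lookup and the SAMPLE table are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp */

/* Constructed sample in the layout of /proc/net/arp (not real data).
   Flags 0x2 marks a resolved entry; 0x0 is a lookup that is still pending. */
const char SAMPLE[] =
    "IP address       HW type     Flags       HW address            Mask     Device\n"
    "192.0.2.1        0x1         0x2         02:00:00:00:00:01     *        eth0\n"
    "192.0.2.50       0x1         0x0         00:00:00:00:00:00     *        eth0\n"
    "192.0.2.73       0x1         0x2         02:00:00:aa:bb:cc     *        eth0\n";

/* Searches ARP table text. by_mac == 0: key is an IPv4 address, out gets its MAC.
   by_mac != 0: key is a MAC, out gets the IP. Returns 1 on a hit, else 0. */
int arp_lookup(const char *table, const char *key, int by_mac, char out[18])
{
    const char *line = strchr(table, '\n');          /* end of the header row */
    while (line && *++line) {
        char ip[16], mac[18];
        unsigned flags;
        if (sscanf(line, "%15s %*x %x %17s", ip, &flags, mac) == 3
            && (flags & 0x2)                         /* skip unresolved entries */
            && strcasecmp(by_mac ? mac : ip, key) == 0) {
            strcpy(out, by_mac ? ip : mac);
            return 1;
        }
        line = strchr(line, '\n');
    }
    return 0;
}

int main(int argc, char **argv)
{
    static char live[65536];
    char out[18];
    const char *key = argc > 1 ? argv[1] : "02:00:00:aa:bb:cc";
    const char *table = SAMPLE;            /* no argument: demo on the sample */
    if (argc > 1) {                        /* argument: query the kernel table */
        FILE *fp = fopen("/proc/net/arp", "r");
        if (!fp) { perror("/proc/net/arp"); return 2; }
        live[fread(live, 1, sizeof live - 1, fp)] = '\0';
        fclose(fp);
        table = live;
    }
    /* A colon in the key marks it as a MAC address (MAC -> IP direction). */
    if (!arp_lookup(table, key, strchr(key, ':') != NULL, out)) return 1;
    printf("%s -> %s\n", key, out);
    return 0;
}
```

Only neighbours the kernel has recently resolved on the local subnet appear in the table, and its entries come from unauthenticated ARP replies, so treat a MAC match as a hint rather than proof of device identity.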
ARP tables tend to be fairly local and short-lived. If you examine the protocol, the real MAC addresses are generally only provided when the given IP address is in the local subnet.
Otherwise, the packet is forwarded to the local router, which is then responsible for forwarding it.
If you do "arp -g" on Windows or "arp -a" on UNIX, you'll see the table, but I don't think it will do you any good, due to the reasons mentioned above. That command and
That's really what DNS is for but, as you say, it may not be an option for you.
You may well have to write your own 'ARP' database at your application level.
As for ARP:
You could use system("/usr/bin/arp -option_of_choice"); and parse the output, but that's an ugly hack. -- Not my recommendation.
Take a look at /usr/include/linux/sockios.h -- At the SIOCGARP, SIOCDARP, and SIOCSARP details. Those are ioctls that you can perform to manage the ARP table on linux. Of course, you'll have to perform these ioctls on a socket fd.
Here's some examples: SIOCGARP examples
I'm sure you can find many other examples in several other languages as well. As I'm assuming that you're using C.
As for RARP:
A quote from the linux rarp manpage:
"This program is obsolete. From version 2.3, the Linux kernel no longer contains RARP support. For a replacement RARP daemon, see ftp://ftp.dementia.org/pub/net-tools"
So you'll have to install rarpd on the target system.
