I am trying to use an esp8266 to find what ip addresses are registered on the same subnet and their mac addresses for a home automation project. Does a ping response contain the MAC address of the device or is it possible to ask for it over a local network.
On a *nix system, you can run arping <some-ip> to get the MAC address of a machine on the same network (only those machines which can get your packet without being routed through a network, of course).
As rodolk suggested, you can run pcap and look at the ethernet frames as well. Ethernet frames contain the source MAC, and destination MAC and ethernet type.
Something like this:
uint8_t ether_dhost[ETHER_ADDR_LEN]; /* destination MAC address */
uint8_t ether_shost[ETHER_ADDR_LEN]; /* source MAC address */
uint16_t ether_type; /* packet type ID */
You could sniff packets and parse the ethernet headers, or you could run an arping, I think that should serve your purpose.
Ping does not reveal the MAC address. It simply tells you if a server is online or not.
You can use "nbtstat -a ip" command on windows to do that.
If you are trying to obtain the MAC address (layer 2) given an IP address (layer 3) you can use RARP. Otherwise, if you use ping, at layer 3 you won't have access to the MAC address of the ping response. However you can use pcap to sniff the network, read the ping reply with the apporpriate pcap filter, and obtain the MAC address from the arriving Ethernet frame. You can also use packet sockets to get layer 2 frames. pcap should be useful.
Related
If I connect a device via ethernet onto a switch, and do not receive an IP address via DHCP, how do I determine what the correct settings for that network should be, i.e. how do I choose a static IP address, subnet mask and gateway?
The specifics in my case are that I have an NVR with an 8 port POE switch that has 3 cameras plugged into it. I plugged my Windows 10 PC into the switch, expecting to be issued an IP address from the NVR via DHCP, but my PC was not given an IP. Perhaps the NVR assigns IPs via BOOTP? I want to get onto the network, probably by assigning a static IP that's not already used, then determine the IPs of the cameras so I can stream video from them directly using VLC.
Can I use tcpdump? There should be plenty of traffic from the cameras to the NVR.
how do I choose a static IP address, subnet mask and gateway?
The short answer - this should be done by your network administrator. If you are the network administrator - you should. But seems that you are connecting to the network you know nothing about.. Anyway here are some points that perhaps can help you.
There is a special thing called ARP Duplicate Address Detection (DAD). In Linux you can check if the particular IP is occupied in your broadcast segment with help of arping utility. From MAN page:
-D
Duplicate address detection mode (DAD). See RFC2131, 4.4.1.
Returns 0, if DAD succeeded i.e. no replies are received.
So if IP address is occupied you will see something like:
-bash-4.4# arping -D 10.0.99.99 -I eth0
ARPING 10.0.99.99 from 0.0.0.0 eth0
Unicast reply from 10.0.99.99 [DE:AD:BE:EF:00:8D] 1.274ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
If this IP address is vacant, you'll see no responses. Read about ARP ping in Windows.
Also you can inspect the network through the tcpdump (to see some IP addressing info at least in broadcast packets), nmap and some other scanning utilities, but this topic is too broad (and at the same time it's well disclosed on the Internet). Btw you have to consider network architecture difficulties: vlan and so on.
Here's an image of an arp request that a packet capture file contained.
The ARP sender mac address is different than the Ethernet source mac address.
is that something that can actually occur?
(the arp source mac is also the mac of the router of the subnet)
also this is a part of my homework so it may be a mistake.
You are seeing this behavior because your Huawei access point is acting as a bridge, proxying the arp request. In this arrangement, the source MAC in the ARP header is the actual request or and the source in the frame is the bridge, which will allow it to relay the response to the original source host.
Consider the following figure:
Now, suppose that the host with IP address 111.111.111.111 has to send a packet to 222.222.222.222. Here is what I think will happen:
The sending host will determine that the destination machine is on some other subnet, and hence there won't be an entry for it in it's ARP table. This is done by ANDing the destination IP address with the mask of the sending host's subnet, and then checking for the subnet address.
If it is determined that the destination host is determined to be off the host's subnet, then it will send the frame with the destination address MAC address of the left interface of the middle gateway. My first question: How does the host know the MAC address of this interface?
The gateway will receive the frame, and send it to it's interface on the right. In the frame, the destination and source IP addresses will remain the same, but the source MAC address will be of the left interface, and the destination MAC address will be of the right interface.
The interface to the right will receive the frame, and then will replace the source MAC address with the interface address, and the destination MAC address as the MAC address of??? The router or will be consult its ARP table to find the destination MAC address.
What is the use of the routers in between? Are frames also sent to them using their interfaces' MAC address? For example, the host with IP 111.111.111.111 would first send the frame to the router using its MAC, and then the frame is routed forward.
I am so confused right now. Can someone clear these things up?
Thanks!
Here are some comments/answers:
How does the host know the MAC address of this interface?
It uses ARP for that, but instead of MAC of the destination IP address it requests MAC of the middle gateway.
and the destination MAC address as the MAC address of???
The right host uses the same technique: it sends the ARP request to get a MAC of the middle gateway.
What is the use of the routers in between?
There is just one router and two switches in the picture. Switches are used to split collision domains, while routers are used to split broadcast domains. More on that on Wikipedia:
https://en.wikipedia.org/wiki/Broadcast_domain
Assuming there is no ARP cache in any nodes, and switch table is empty and IP addresses of source and destination are known (using DNS). Also all nodes are considered to be in same subnet. If n1 wants to send a packet to particular node say n2, it requires MAC address of n2.
I think in this case an ARP request will be send to get the corresponding MAC address. But my friend said that n1, will broadcast the main frame, and all nodes will extract the frame till network layer to know if the packet was for them or not.
Whether first method is implemented of the second will change the way table in switch is updated. So, can someone clarify my confusion?
The way it happens is that a host needing to resolve the layer-3 address to a layer-2 address will broadcast an ARP request. The host with that layer-3 address will respond with a unicast ARP reply to the requesting host.
A switch will see the layer-2 source address of any frame entering the switch, and it will build its MAC address table with the source MAC address and the interface where the frame entered the switch. Any unicast frame with a destination address which isn't in the MAC address table will be flooded to all other switch interfaces.
In the case you discuss, the first host will broadcast an ARP request, so the ARP request will go to all the hosts on the same VLAN. At the same time, the switch will add the MAC address of the requesting host to its MAC address table.
The target host will respond with a unicast frame to the requesting host. The switch, knowing on which interface the destination host is, by looking in its MAC address table, will send the frame directly to the destination host. It will also see the source address of the second host, and it will add that MAC address and interface to its MAC address table.
Then the original host can send its frames to the destination host, using the destination MAC address, and the switch will switch the frames directly to the destination host because it has the MAC address and interface in its MAC address table.
Initially the source node will send a broadcast request for the MAC address of the desired IP Address. The switch on realizing the coming packet is a broadcast, will channelize the packet to the other remaining ports. Switch will build the table for the corresponding source node.
All the other nodes will discard the packet, except the one for which it is. This node will reply its MAC address with a unicast reply.
Now since the destination of this packet is already present in the table of the switch, it will simply forward the packet to the corresponding port.
I recently found that packets are encapsulated within ethernet frames. Packets use IP addresses, frames use MAC addresses.
Why aren't IP addresses used in ethernet frames for routing? I understand that when trying to access a basic website, the computer goes to a DNS to find the IP address relevant to the user-entered domain name. How do computers find the correct MAC address?
Really, how are MAC addresses used in routing internet traffic?
Thanks
IP packets aren't always encapsulated in Ethernet frames. There are other physical media such as ISDN, etc. When packets are routed, IP addresses are used to determine the next hop and the physical address is used to physically identify the interface serving as the next hop. Only the former (determining next-hop) is usually called routing.
To answer your second part, MAC addresses are discovered through ARP (Address Resolution Protocol) in IPv4 & ND6 (Neighbor Discovery) in IPv6.
Update:
The destination IP address in the IP header is the final destination. In the process of routing (at each hop), you get the next hop's IP address to (eventually) reach the final destination from the routing table (this could be a default gateway's IP address). To send the packet to the next hop, you need its MAC address. While hopping through intermediate links, the IP address in the IP header don't change - only the MAC addresses change.
Bit late but still here is my answer :) ...
To send data you need two address, the MAC address and the IP address.
Basically the sending host will ARP for a MAC address, this occurs when the local host doesn't know the MAC address of the host it has an IP address for or it will ARP for the default gateway MAC address (if it doesn't already know it) if the IP address in on a different subnet/ network. Once it obtains a MAC address the IP packet is encapsulated in a L2 frame and sent across the media. If the IP packet is meant for a host on a different subnet/ network, it will be sent to the default gateway, this router will de-encapsulate the L2 frame (remove and discard it) check the IP address and will forward it. For the router to do this it needs a MAC address to send it over the media, It will look up the next hop in it's routing table, encapsulate the IP packet with the same source and destination IP address that was sent from the original host into a new L2 frame. This time the MAC address for the source address will be that of the forwarding interface of the router, and the receiving interface of the next hop will be the destination MAC address. This will continue from hop to hop until it reaches the final host, each time the MAC addresses will change, but the original IP address will remain the same.
Here's the key point -- there can be more types of packets than INTERNET traffic. You could be using IPX, which is non-routable. How do clients identify each other? By the MAC address.
Routing != Addressing, which is really where the MAC comes into play.
In order to be routed, the OSI model adds a layer to allow for path discovery to the next gateway. This layer is responsible for routing, but knows nothing about the MAC address.
As a side note, at the hardware level, MAC addresses ARE used by switches, but not for routing. From How Stuff Works:
The switch gets the first packet of data from Node A. It reads the MAC
address and saves it to the lookup table for Segment A. The switch now
knows where to find Node A anytime a packet is addressed to it. This
process is called learning.
In this way, a switch can make sure that traffic is only outputted to the correct port. This isn't accomplishing routing so much as reducing network congestion. Only broadcasts and traffic destined specifically for that MAC address should be sent out the port.
Recently I have been thinking about the same and came upon this question. Here is my answer to this question. Actually MAC address is needed for correctly sending the packet to right destination. This is specially true when packet is needed to sent over a VLAN. There can be multiple switches/routes connected on that VLAN over multiple physical interfaces. However IP Routing is unaware of these physical interface. It only knows about the logical connectivity. For example, route 10.10.10.0/24 is reachable via VE/VIF0.10(logical VLAN interface) and/or nexthop neighbor is 20.20.20.1. There could be multiple interfaces under VLAN 10. Then to which interface packet is sent out? This is where ARP comes in the picture. ARP helps to discover the MAC address associated with the next-hop IP address. When switch/router learns the nexthop MAC. along with that it learns the physical interface also via which that MAC is reachable. Hence while routing packet, firstly MAC corresponding to the destination IP is searched and then the physical interface associated with that MAC is searched. Finally packet is sent out via that physical interface. The MAC corresponding to that destination IP is used as destination MAC. In absence of this, routed packets will always be flooded in the outgoing VLAN.
Hope this helps.
Thanks.
Answer: MAC addresses are not used in the process of routing of a packet.
segment -> transport layer (TCP ports)
packets -> network layer (IP addresses)
frame -> data link layer (MAC addresses)
bits -> physical layer (electric/optical signals)
Create your own packet/segment visit http://wirefloss.com/wireit/
There are 2 models (TCP/IP and ISO/OSI)
In detail:
Your app has some data. This is encapsulated by mentioned layers. Encapsulation means that a header with fields is added at each layer. If your data never leave the local network the MAC address will be the same. Once your data needs to be delivered outside your network the frame header is stripped by router and is replaced by router fields.
UPDATE 2021: Some people seems never heard of ISO OSI model and put this answer as incorrect.