Basic networking questions - networking

I am trying to understand how exactly routing works:
if 2 computers are on the same network
if they are on different networks.
More specifically I am trying to understand this: Routing
I am also trying to understand the difference between
IP Address,
Net Address,
Mac Address.
From what I understand:
1) IP Address: is used when computers communicate on the internet only.
2) Net Address: is a local version of the IP address and each device on the network has a unique net address. It's used when devices on the same network want to communicate with each other.
3) Mac Address: is a globally unique address and no other computer in the world has the same Mac address. In reality this is not true because it can be changed. It's used when ???
When a computer wants to communicate with another on the same network, they use net address, right? If the computers are on different networks what exactly happens?
Question: Can someone please fix my mistakes if any and explain what I am missing?
Thank you very much.

There are many network types, but since the most used ones are Ethernet and IP networks (and you seem to be asking about them), I will answer shortly based on them.
IP addresses are always used. They may not be used for deciding who gets the packets directly, but they are the basis even in local networks, since it is an IP network. There can also be other network types that have their own mechanisms, but they are not that common.
In local Ethernet the machines ask via ARP protocol "who has this IP address?" and get a reply with a MAC address. After that they send and receive packets based on that MAC address. The packets still have the IP address information, otherwise the receiving machine wouldn't know what is the destination. Do note that the receiving machine might be a firewall or other middleware device, not the actual computer that has the address. Also a single machine and network card may have several IP addresses set up for it.
In IP networks the IP address is used for routing. All routing devices have a routing table that will tell where the packets should go. If it's a simple device, it usually has a local network and everything else goes via a default gw, which will know better what to do with the packets.
A home router will just push them to the operator, there another router will know what addresses go to their networks, others are pushed forward via another connection, until a bigger place is reached where there are inter-operator connections and they choose again the correct route. And then it goes to smaller and smaller pipes the other way around.

Related

How does a computer know other computer's IP address on a local network?

I'm currently learning about ARP and L2/L3 networking - would someone be able to help out? If I use an ethernet cable to connect my laptop (A) to another laptop (B), it could use ARP to find out B's MAC address based on B's IP address. Then, any ethernet frames could be sent and accepted by B.
But how does A know B's IP address in the first place? What if there is a switch (L2 device) in between A and B? Does this change the answer? What if there was a router in between (an L3 device)?
Usually, a switch/Router will assign an IP.
The question is unclear -
find out B's MAC address based on B's IP address.
B's MAC address is not based on B's IP.
A MAC is associated to the hardware (but somewhat assignable/cloneable) where as an IP is assigned. Either by DHCP or statically by an admin.
Effectively, you need a switch/router to make what you're defining work.
EDIT:
you can connect two computers direct, but you still need to give each a static IP address so they can find each other - this would likely not be ona network so the IP sub-network doesn't matter.
It still has very little to do with MAC.
If two PC's hand-shake, they'll see each others MAC.
It sends out a broadcast packet to the broadcast MAC address asking "who has the IP address x.x.x.x" which goes to all computers on that broadcast domain. If a computer sees that packet that owns the IP address "x.x.x.x" it will send a unicast reply back to the MAC address of the original requestor with its MAC address which will then be cached for further communication.
It doesn't know the IP unless you tell it. You say "the default gateway is 192.168.1.1" and it will start trying to talk to 192.168.1.1 etc.
If there is a router in between, all traffic to the remote device would go to the MAC of the router and your computer wouldn't be doing any ARP lookups other than that router.
Switches wouldn't matter for this, all they do is make the broadcast domain bigger. With a cable the broadcast domain is just you and the remote device. With a switch, it expands that to all devices connected to the same switch (or VLAN in the switch)
But how does A know B's IP address in the first place?
It doesn't know. At least there's no general method to find out.
The IP address of any resource needs to be supplied by "something else". You need to either provide the address yourself, resolve it from a (also provided) DNS name, read it from a file, ... Alternatively, you need to provide some kind of auto discovery between the nodes (broadcast, multicast, LLDP, ...) or provide a commonly known discovery service, registration server or similar.
What if there is a switch (L2 device) in between A and B?
That changes nothing but excludes link-level discovery (unless it's a "dumb" switch that simply forwards those frames).
What if there was a router in between (an L3 device)?
That eliminates broadcast and multicast from the picture. (Multicast could be routed but that is unlikely for discovery and I won't dive into that.)

How to change IP address without VPN/proxy locally?

I'm building a scraper, and in order to not get banned, I have to make my requests from different IP addresses. Right now I'm doing that with a VPN, but it has several issues.
As I was reading about the topic, everybody was advising the methods I currently use, but those have their own problems.
I noticed that connecting to the same network from different devices gives different IP address. Furthermore, the same device connected to the same network, through WiFi, or through LAN gives different IP address. I'm not too experienced in networks, and don't know if those different addresses are really different, or will reveal that the requests are coming from the same network, but may be a good idea.
And if it is, how can I take advantage of it? Is there a way to programmatically create "fake devices" from the same device, getting different IP addresses? (I'm thinking about VMs or something)
Your public IP address is the one allocated to you (or to a group of Internet users you belong to) by your Internet provider.
On your side of your Internet box, the IP addresses are local addresses. Those local addresses cannot be seen from the outside. So you can change your local IP address as much as you want, the outside world will see you with the same IP.
Your solution could be to rent a server on the cloud and run your scraper on it.

How can I programatically set the IP address of a hardware device that doesn't already have an IP set

We have developed a hardware device that doesn't have a screen. It uses TCP/IP to communicate with the network. Currently this is configured by DHCP.
However, we'd like a way to configure it's IP statically by some app I'll have to develop. I notice for some devices like printers there are custom apps that they use to set such information. But how do they talk to the device when the device hasn't been assigned an IP already?
Are they using RAW sockets and a custom protocol? or is there a simpler method. For example, I recall many years ago using a Linux device that somehow received it's initial IP by running an arping. But I don't understand how that sets the IP for other hosts on the network. Nevertheless it seemed to work. Could I mimick that?
e.g. arp -s 191.168.2.2 00-40-9d-22-23-60
So I've got an idea how it works, but I'd like to know what is the common method of setting IP to an embedded device that has no physical screen to configure this.
To be clear, this device does not use Linux.
The standard-conformant way of doing this goes (for IPv4, but IPv6 is similar) along the lines of:
Try to obtain an IP address via DHCP, skip step (2) if that worked. This should be the default.
If no DHCP server responded, use a unique link-local address (These are addresses from the block 169.254.0.0/16 reserved for this purpose. Some parts of the chosen address should be based on something unique to the device, like the MAC address, to make sure the device always chooses the same LL address. Or, to make it fully RFC-compliant: choose a truly random address from this range and probe it - Re-use it when possible) The chosen LL address should be checked against any other use in this network before usage with an arp request on that address (That's probably what you have read). If someone responds to that request, choose a different IP and retry.
Now that you have a temporary IP address, you can use one of the various IP-Multicast-based service discovery protocols to advertise your device to the network.

Windows 7 does not accept broadcasts from ip address 0.0.0.1

we have little network devices which are shipped with IP address 0.0.0.1 to ensure that they never collide with any other device in their new environment (thus none of the 10.x.x.x, 172.16.x.x or 192.168.x.x ranges) until configuration. DHCP is no solution since there might be no DHCP server in the field.
The devices would listen to UDP broadcasts and answer with broadcasts until they are given their new IP address this way.
This worked fine with Windows XP - but sucks with Windows 7: the config program does not receive the answer packets from the devices which still have 0.0.0.1. Wireshark sees the packets, then they are dumped by the system.
Question: Is there any reason (RFC?) that actually prohibits using this address in a local environment? Or is it just MS that was overcautious? Where can I read why they treat this address "invalid"? Which ranges are really "invalid" now, too?
Any idea of a workaround on the PC side (Win 7)?
I know that it is not recommended to use 0.xxx addresses for work places, but for this very reason - having a not-used address - it works perfectly.
Edit: there is a device out there called "Netburner" which might have faced the similar issue, according to their forum. See: http://forum.embeddedethernet.com/viewtopic.php?f=5&t=612&p=2198 Does - by coincidence - anybody know some background information?
It sounds as if your configuration application is listening for broadcast packets on all network interfaces and expecting to receive packets from foreign subnets.
That should not work - the OS should only pass-on broadcast packets from the subnets each network interface is on, not from all subnets on the same physical (e.g. Ethernet) segment. I am reasonably certain that doing otherwise is broken behaviour WRT the IP protocol.
The are two ways to deal with this:
Make sure that your network interface has an IP address in the target subnet. You can have more than one IP addresses for each network card, so that should not interfere with normal network operations.
Configure or modify you application to use raw sockets, like Wireshark. Keep in mind, however, that this overrides all normal checks and balances and should be avoided, since it can cause behaviour that is almost impossible to diagnose - which is why it is frowned upon by meny network administrators.
Can you you add new routing table entries to Windows machines easily? Windows has to know which interface to use when routing a broadcast packet to the 0.0.0.x network.
The Unix machines I'm familiar with have a routing table that maps network/netmask entries to either gateways or interfaces (if the network is a local network). The local network (192.168.0.0/16 for my home network) gets sent to interface eth0. Everything else 0.0.0.0/0 gets sent to a specific gateway machine 192.168.0.1.
If my machine sent a UDP broadcast message to network 0.0.0.0/24 (in other words, UDP broadcast sent to 0.0.0.255, then my machine would forward the packet to the gateway machine (which it can look up via arp). The switches in the middle wouldn't propagate the packet to other network devices, because the MAC address is set.
If my machine had another routing entry for 0.0.0.0/24 to the local interface, then my machine would send the packet on the wire using an ethernet broadcast group, and the switches would forward the packet to all connections. (Yay! Just like hubs in the 90s! :)
So I figure you need to add a routing entry for 0.0.0.0/24 to your client machines, so that they can properly address the broadcast packet.

Automatically detect a new computer connected to the network

Is there an elegant way to make a program detect a new computer that is connected to the network?
I would like my program to "auto-sense" a new computer being connected on the network (they're on the same network). Like a USB device being connected to the computer.
What I'm doing now is to save a list of all computers in the network from time to time. Another approach is to PING all available IPs on the subnet.
Are there any other elegant approaches?
Thanks!
Listening for ARP requests is the canonical way to do this. Independent of DHCP or not, any connected computer that wishes to communicate with the outside world will have to make an ARP request for the address of the default router. This request will go out as a broadcast, and contain the source interface's MAC and IP adresses.
If the other computer uses DHCP, it will make an ARP request for it's own address as part of duplicate address detection, which is also a broadcast you can snoop on.
(This works more or less the same way for IPv6, except you need to look for neighbor discovery or router soliciation packets instead.)
Like the answer alluded to, if you have a switch to which you can telnet or use SNMP on, you can extract the MAC table. That will give you a list of MAC adresses on each port in the switch. If you want the IP addresses however, you still need to listen for ARP:s.
On the other hand, if you have access to the default gateway on the network, you can also look at the ARP table there. That will give you MAC and IP addresses for anyone that has recently (for different values of recently...) communicated with it.
If you have a managed switch of some kind, you could probably connect to that, that would be a fairly elegant method.
If you're on a domain, you can can get a list of all the machines joined to the domain from the domain controller.
Failing that, all I can think of is either a challenge/response thing (e.g. pinging them) or by detecting traffic sent from them (see this question maybe as a starting point?), neither of which strike me as an elegant approach.

Resources