Working on a Cisco ASA 5510 device, I tried to use the broadcast IP address of a public network for a NAT static configuration and the IOS allowed me to do it, but from outside it didn't work. After a while I changed the broadcast IP to a usable IP and it started to work.
I understand that on a physical interface we can't configure a broadcast IP address, but for NAT we have to do it, otherwise we lose many public IP addresses from networks with a /29 prefix.
I understand you need to squeeze one more IP address out for your use; however, most routers don't support forwarding broadcast traffic, for a simple reason: if that were allowed, anyone could send a ping to someone's broadcast address and every host in that subnet would have to reply, which is not acceptable.
Other Internet routers may not be able to tell whether that IP address is a broadcast or not, but think about your ISP's router for your access circuit: it has to know that IP address is a broadcast, because it has to know your IP range in order to set it up. And when someone sends you a ping, the router will say: hey, that is a broadcast address on my client's interface; the first thing I know as a router is that I must not forward a broadcast, thus drop it.
Hope it helps.
I'm writing a simple network sniffer that should be able to reconstruct the network structure.
When an interface has been set up with DHCP, I can easily read interface settings such as the client IP address, subnet mask, DNS server etc. by catching a DHCP packet and analysing it.
When an interface has a static IP, I'm catching the ARP announcement packet to get the static IP address and then the ARP request from the gateway to get the gateway IP address. I'm also saving MAC addresses.
My problem is: how to get the subnet mask from one or more static IPs in the network and the gateway address, or by catching some packets. I didn't see packets that could have such information.
I also need DNS address, but it's less important.
The program should work in OpenWRT (C++).
My problem is: how to get subnet mask from one or more static IPs in the network and the gateway address.
Possibly, you can't.
If the sniffed network uses DHCP then you can monitor the DHCP requests (which should be broadcast) for their subnet mask and router fields which mirror the server's offer.
Without DHCP, all you can do is take an educated guess. If your passive sniffer registers broadcasts from addresses 192.168.1.1 through 192.168.1.29, you know that the prefix length is at most /27. It could also be anything shorter, down to /16, with potential addresses being (currently) absent or silent. The prefix could be even shorter than /16 if the network admin is ignoring RFC 1918. With public addresses you're mostly on your own.
If you can scan actively you could send ARP requests and see which ones get answered - you'd also see nodes that don't originate any traffic/broadcasts.
The gateway is also just a guess. In a network with mostly Internet-bound traffic, the default gateway is most likely the one being ARPed most often. If the network traffic is mostly server-centric, ARP requests for their addresses outnumber the ones for any gateway.
Your sniffer is severely limited when it is just attached to a switch and listening to broadcast packets only. If the sniffer manages to listen to all traffic on the network (via a monitoring/mirroring switch port) then you can easily identify the gateway by the MAC address that packets for arbitrary IP addresses are sent to and vice versa.
As above, if you can actively send probe packets you could test the gateway(s) with packets that they accept (and hopefully forward) and which ones they reject.
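The two heuristics in this answer (the longest prefix that still contains every observed host, and the most-ARPed address as the gateway candidate) can be turned into a small passive-inference routine. The code below is an added example, not the asker's sniffer; the observation list is constructed by hand in the shape a sniffer might log it (sender IP of a broadcast, plus the target IP when the broadcast was an ARP request), and the function names are my own.

```python
"""Passive subnet/gateway inference from observed broadcasts (added example)."""
import ipaddress
from collections import Counter

# Constructed sample observations: (sender_ip, arp_target_ip).
# arp_target_ip is None for broadcasts that were not ARP requests.
SAMPLE = [
    ("192.168.1.10", "192.168.1.1"),
    ("192.168.1.12", "192.168.1.1"),
    ("192.168.1.29", "192.168.1.50"),
    ("192.168.1.1", "192.168.1.10"),
    ("192.168.1.12", None),
]


def smallest_common_prefix(addresses):
    """Return (prefix_len, network) for the longest prefix under which every
    observed address is a usable host.  This is only an upper bound on the
    prefix length: the real network can be this size or larger, never smaller.
    Returns None when there is nothing to work with."""
    addrs = sorted({ipaddress.IPv4Address(a) for a in addresses})
    if not addrs:
        return None
    for plen in range(32, -1, -1):
        net = ipaddress.IPv4Network((addrs[0], plen), strict=False)
        if not all(a in net for a in addrs):
            continue
        # For /31 and /32 every address is usable (RFC 3021); otherwise the
        # network and broadcast addresses cannot belong to a host.
        if plen >= 31 or all(
            a not in (net.network_address, net.broadcast_address) for a in addrs
        ):
            return plen, net
    return None


def guess_gateway(observations):
    """Return the IP most often asked for in ARP requests, or None.
    In an Internet-bound network that is most likely the default gateway; in a
    server-centric network it may just be the busiest server."""
    targets = Counter(t for _, t in observations if t is not None)
    if not targets:
        return None
    return targets.most_common(1)[0][0]


if __name__ == "__main__":
    senders = [s for s, _ in SAMPLE]
    plen, net = smallest_common_prefix(senders)
    print(f"hosts seen: {sorted(set(senders))}")
    print(f"prefix is at most /{plen} (candidate network {net})")
    print(f"gateway candidate: {guess_gateway(SAMPLE)}")
```

Feeding only the sender addresses reproduces the answer's example (hosts .1 through .29 bound the prefix at /27); adding the ARP target .50 widens the bound to /26, which is the right reaction, since a host that is asked for is evidence of the subnet even if it never talks.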
I'm currently learning about ARP and L2/L3 networking - would someone be able to help out? If I use an ethernet cable to connect my laptop (A) to another laptop (B), it could use ARP to find out B's MAC address based on B's IP address. Then, any ethernet frames could be sent and accepted by B.
But how does A know B's IP address in the first place? What if there is a switch (L2 device) in between A and B? Does this change the answer? What if there was a router in between (an L3 device)?
Usually, a switch/Router will assign an IP.
The question is unclear -
find out B's MAC address based on B's IP address.
B's MAC address is not based on B's IP.
A MAC is associated with the hardware (but somewhat assignable/cloneable), whereas an IP is assigned, either by DHCP or statically by an admin.
Effectively, you need a switch/router to make what you're defining work.
EDIT:
You can connect two computers directly, but you still need to give each a static IP address so they can find each other; this would likely not be on a network, so the IP sub-network doesn't matter.
It still has very little to do with MAC.
If two PCs hand-shake, they'll see each other's MAC.
It sends out a broadcast packet to the broadcast MAC address asking "who has the IP address x.x.x.x", which goes to all computers on that broadcast domain. If a computer that owns the IP address "x.x.x.x" sees that packet, it will send a unicast reply back to the MAC address of the original requestor with its own MAC address, which will then be cached for further communication.
It doesn't know the IP unless you tell it. You say "the default gateway is 192.168.1.1" and it will start trying to talk to 192.168.1.1 etc.
If there is a router in between, all traffic to the remote device would go to the MAC of the router, and your computer wouldn't be doing any ARP lookups other than for that router.
Switches wouldn't matter for this; all they do is make the broadcast domain bigger. With a cable the broadcast domain is just you and the remote device. With a switch, it expands to all devices connected to the same switch (or VLAN in the switch).
But how does A know B's IP address in the first place?
It doesn't know. At least there's no general method to find out.
The IP address of any resource needs to be supplied by "something else". You need to either provide the address yourself, resolve it from a (also provided) DNS name, read it from a file, ... Alternatively, you need to provide some kind of auto discovery between the nodes (broadcast, multicast, LLDP, ...) or provide a commonly known discovery service, registration server or similar.
What if there is a switch (L2 device) in between A and B?
That changes nothing but excludes link-level discovery (unless it's a "dumb" switch that simply forwards those frames).
What if there was a router in between (an L3 device)?
That eliminates broadcast and multicast from the picture. (Multicast could be routed but that is unlikely for discovery and I won't dive into that.)
How do I get the internal IP address and port of the local machine in a cross-platform way? Not internal within the LAN, but within the ISP, so that other users of the ISP can connect? Is connecting to a VPS with a public IP enough to get the external IP and port outside the ISP? How do I get the ISP subnet mask to know when another internal IP is within the NAT?
edit: Probably don't need this. NAT punch-through is enough. Am I right that routers don't have the same traversal rules as ISPs?
A NAT's public IP address is its external IP address. I don't understand what you mean by internal IP address. By internal address is usually meant a device's local address.
All the users of an ISP are in a local LAN if the ISP has only one NAT under which all the private IP addresses are assigned. Some ISPs have nested NATs. In that case users under different NATs are in different networks.
You can get your NAT's external IP:Port by sending a STUN request to a STUN server. From the server's reply you can get your NAT's external/public IP:Port. If the users of an ISP are not in a local LAN but under different NATs, then they can communicate using their external IP:port.
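The STUN exchange this answer refers to is small enough to show end to end: a Binding Request is 20 bytes, and the server's Binding Success response carries the NAT's external address in an XOR-MAPPED-ADDRESS attribute (RFC 5389, older servers send MAPPED-ADDRESS). The code below is an added example, not from the answer; the server reply used for the offline run is constructed locally with `build_binding_response`, and `discover_external` is my own wrapper that would send the request to a real server of your choosing (the server name is an assumption you supply).

```python
"""Minimal STUN Binding client: build the request, parse the mapped address."""
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020
HEADER = "!HHI12s"  # type, length, magic cookie, 96-bit transaction id


def build_binding_request(txid=None):
    """Return (request_bytes, txid); the txid lets us match the reply."""
    txid = txid or os.urandom(12)
    return struct.pack(HEADER, BINDING_REQUEST, 0, MAGIC_COOKIE, txid), txid


def parse_binding_response(data, txid):
    """Return (ip, port) seen by the server.  XOR-MAPPED-ADDRESS is preferred
    because some NATs rewrite a plain MAPPED-ADDRESS they spot in the payload."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    mtype, mlen, cookie, rtxid = struct.unpack(HEADER, data[:20])
    if cookie != MAGIC_COOKIE or rtxid != txid:
        raise ValueError("not a reply to our request")
    if mtype != BINDING_SUCCESS:
        raise ValueError(f"unexpected STUN message type 0x{mtype:04x}")
    body = data[20:20 + mlen]
    plain = None
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        off += 4 + ((alen + 3) & ~3)  # attribute values are padded to 4 bytes
        if atype not in (ATTR_MAPPED_ADDRESS, ATTR_XOR_MAPPED_ADDRESS):
            continue
        if len(value) < 8 or value[1] != 0x01:  # only IPv4 handled here
            continue
        port, addr = struct.unpack("!HI", value[2:8])
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            port ^= MAGIC_COOKIE >> 16
            addr ^= MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", addr)), port
        plain = (socket.inet_ntoa(struct.pack("!I", addr)), port)
    if plain is None:
        raise ValueError("no mapped address in reply")
    return plain


def build_binding_response(txid, ip, port):
    """Constructed server reply with an XOR-MAPPED-ADDRESS (for offline use)."""
    addr = struct.unpack("!I", socket.inet_aton(ip))[0]
    value = struct.pack("!BBHI", 0, 1, port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE)
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack(HEADER, BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txid) + attr


def discover_external(server, port=3478, timeout=2.0):
    """Ask a STUN server (hostname is your choice) what IP:port it sees."""
    req, txid = build_binding_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (server, port))
        data, _ = s.recvfrom(2048)
    return parse_binding_response(data, txid)


if __name__ == "__main__":
    # Offline round trip with a constructed reply (203.0.113.7 is TEST-NET-3).
    req, txid = build_binding_request()
    print(parse_binding_response(build_binding_response(txid, "203.0.113.7", 40000), txid))
```

Two details matter when you use this for hole punching: check the transaction ID so a stray datagram cannot be mistaken for the answer, and remember that the port the server reports is only reusable by a peer if the NAT's mapping is endpoint-independent; a symmetric NAT hands out a different port per destination, which is why the answer's "different NATs can talk via their external IP:port" does not hold for every NAT type.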
I have a network like this:
Internet <-> Modem <-> Router (broadcast wifi)
I'm using Windows. If I use the command ipconfig, I only know the Modem's IP through the Default Gateway info.
So, how do I find out the Router's IP in this network?
Thanks.
If you want to know the external (from the Internet IP) you can browse to http://www.whatismyip.com/ and check it there.
Or
You can check it inside the router's configuration page. Unfortunately you can't simply know it by being a member of its network since this is a limitation of the NAT and the IP protocol.
If you wish to know the router's IP inside the router's internal network, it should be the Default Gateway entry when running ipconfig.
If you know your IP and you know your netmask, then you can easily find out the subnet. The router's IP is "always" the first available IP in the subnet. That's the case for your private IP.
For the public IP you can try a service like this one.
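Both this answer ("take your IP and netmask, work out the subnet, the router is usually the first usable address") and the ASA question at the top of the page ("the NAT static pointed at the broadcast address of the /29 and nothing worked") come down to the same arithmetic on an address and a mask. The routine below is an added example, not from either answer; it does the mask maths by hand so the bit operations are visible, rejects a non-contiguous mask, treats /31 and /32 as the special cases they are, and the sample addresses are constructed from the TEST-NET ranges.

```python
"""Subnet arithmetic from an IPv4 address and a dotted netmask (added example)."""


def ip_to_int(ip):
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted IPv4 address: {ip!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def int_to_ip(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def mask_to_prefix(mask):
    """Return the prefix length for a dotted mask; reject masks whose one-bits
    are not contiguous (255.255.0.255 is not a netmask)."""
    m = ip_to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    if (host_bits + 1) & host_bits:  # host part must be 0b000..0111..1
        raise ValueError(f"non-contiguous netmask: {mask}")
    return 32 - host_bits.bit_length()


def subnet_info(ip, mask):
    """Network, broadcast and the usable host range for ip/mask."""
    prefix = mask_to_prefix(mask)
    m = ip_to_int(mask)
    network = ip_to_int(ip) & m
    broadcast = network | (~m & 0xFFFFFFFF)
    if prefix >= 31:
        # RFC 3021 point-to-point /31 and a /32 host route: no reserved addresses.
        first, last = network, broadcast
    else:
        first, last = network + 1, broadcast - 1
    return {
        "prefix": prefix,
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_usable": int_to_ip(first),
        "last_usable": int_to_ip(last),
        "usable_count": last - first + 1,
    }


def is_usable_host(ip, mask):
    """True if ip can be assigned to a host (or used as a NAT address) in its
    subnet, i.e. it is neither the network nor the broadcast address."""
    info = subnet_info(ip, mask)
    n = ip_to_int(ip)
    return ip_to_int(info["first_usable"]) <= n <= ip_to_int(info["last_usable"])


if __name__ == "__main__":
    print(subnet_info("192.168.1.37", "255.255.255.0"))
    # A /29 public block: .8 is the network, .15 the broadcast, .9-.14 usable.
    for host in ("203.0.113.14", "203.0.113.15"):
        print(host, "usable:", is_usable_host(host, "255.255.255.248"))
```

Running `is_usable_host` before committing a static NAT entry catches exactly the configuration the ASA accepted without complaint: the broadcast of a /29 passes the syntax check but will never be forwarded to you from upstream.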
I connected two machines via a network cable. I need to get ARP request data via Wireshark. When I pinged the IP of the other machine, I got the ARP request in Wireshark. But it is not broadcasting a message; it targets the pinged IP address directly. I think a LAN with only two machines does not need to do a broadcast. Am I right? Can anyone explain this to me?
In an ARP packet it is always the MAC address that is broadcast, not the IP. As ARP is used to learn the MAC address of another host whose IP address is known, the ARP packet needs to carry a valid IP address rather than a broadcast IP. You can check an ARP packet example at the path below:
http://wiki.wireshark.org/AddressResolutionProtocol
Hope this clears your doubt.
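This answer and the earlier one describing the "who has x.x.x.x" request both describe the same frame, and building it byte for byte makes the point unambiguous: the Ethernet destination is ff:ff:ff:ff:ff:ff (so every host on the segment gets it), while the target protocol address inside the ARP body is the one specific IP being looked up, which is what Wireshark shows in the Info column. The code below is an added example, not from either answer or from Wireshark; the MAC and IP values are constructed, and `answer_request` models how host B decides whether a request is for it.

```python
"""Build and parse ARP request/reply frames as sent on Ethernet (added example)."""
import socket
import struct

BROADCAST_MAC = b"\xff" * 6
ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Return a 42-byte Ethernet+ARP frame.  A request goes to the broadcast
    MAC; a reply is unicast to the requester.  For a request the target MAC
    in the ARP body is zero, because that is the thing being asked for."""
    smac, tmac = mac_bytes(sender_mac), mac_bytes(target_mac)
    eth_dst = BROADCAST_MAC if oper == ARP_REQUEST else tmac
    eth = eth_dst + smac + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      smac, socket.inet_aton(sender_ip),
                      tmac, socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame):
    """Decode the fields Wireshark would show for an ARP frame."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet+ARP")
    eth_dst, eth_src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol combination")
    return {
        "eth_dst": mac_str(eth_dst), "eth_src": mac_str(eth_src), "oper": oper,
        "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa),
    }


def answer_request(frame, my_mac, my_ip):
    """Host B's side: reply only if the request asks for our own IP."""
    req = parse_arp(frame)
    if req["oper"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


if __name__ == "__main__":
    # Constructed two-host segment: A asks for B's MAC, B answers.
    req = build_arp(ARP_REQUEST, "aa:bb:cc:00:00:01", "10.0.0.1", "00:00:00:00:00:00", "10.0.0.2")
    r = parse_arp(req)
    print(f"request: eth dst {r['eth_dst']}  Who has {r['target_ip']}? Tell {r['sender_ip']}")
    reply = answer_request(req, "aa:bb:cc:00:00:02", "10.0.0.2")
    p = parse_arp(reply)
    print(f"reply:   eth dst {p['eth_dst']}  {p['sender_ip']} is at {p['sender_mac']}")
```

Even with only two hosts on the cable the request is still broadcast: the sender has no MAC to unicast to yet, and the zero target MAC in the body is what the reply fills in. The same parser is also a reasonable seed for the sniffer discussed earlier on this page, since a request whose sender MAC changes while the sender IP stays the same is the classic sign of a spoofed ARP reply worth alerting on.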