Determining IP address from MAC address - TCP-IP

This is a discussion on Determining IP address from MAC address - TCP-IP ; Hi, I have a MAC address for a given system and need to be able to programatically determine it's IP address for use with a TCP-IP based application. Clearly, the ip address might be in the arp table for ced ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Determining IP address from MAC address

  1. Determining IP address from MAC address

    Hi,

    I have a MAC address for a given system and need to be able to
    programatically determine it's IP address for use with a TCP-IP based
    application. Clearly, the ip address might be in the arp table for ced
    host but the problem occurs when it is not. The options as I see it
    are

    1) broadcast ping (programmatically horrible as every host on the
    network will respond)
    2) inverse arp lookup

    My questions are:

    1) Does linux support the inverse arp protocol, as various resources
    I've seen indicate it is primarily used for frame relay? If so could
    you direct me to the appropriate resources as I've been unable to
    determine if linux supports this.

    2) What other methods could I use to obtain this information?

    Regards
    Ian Neal


  2. Re: Determining IP address from MAC address

    In article <1150126387.901049.172280@g10g2000cwb.googlegroups. com>,
    wrote:
    > I have a MAC address for a given system and need to be able to
    >programatically determine it's IP address for use with a TCP-IP based
    >application.


    Is it certain that it has exactly one IP address? Not zero IP
    addresses and not 2 IP or more IP addresses?

    > Clearly, the ip address might be in the arp table for ced
    >host but the problem occurs when it is not. The options as I see it
    >are


    >1) broadcast ping (programmatically horrible as every host on the
    >network will respond)


    In my experience, roughly 1/3 of hosts will respond to a broadcast
    ping, and the rest will ignore it. There does appear to be a correlation
    to operating system, but not a strict correlation.

    >2) inverse arp lookup


    >My questions are:
    >
    >1) Does linux support the inverse arp protocol,


    Yup, search for rarpd

    >as various resources
    >I've seen indicate it is primarily used for frame relay? If so could
    >you direct me to the appropriate resources as I've been unable to
    >determine if linux supports this.
    >
    >2) What other methods could I use to obtain this information?


    rarp is not particularily reliable for this kind of work.

    If you are using a hub, sniff the ARP packets (or all packets) to find
    instances in which the target host happened to send out an IP packet.

    If you are using a managed switch, use SNMP to poll the port ARP entries.
    (NB: Roberson's Rule of SNMP: "Switches Lie.") Oh, and figure out
    what you are going to do about VLANs, because if you have VLANs the
    SNMP can get noticably more complex.

    If you are using an unmanaged switch... Ummm, replace it with a
    managed switch. Or find a way to poll the DHCP server that handed out
    the IP address (if you aren't using DHCP then what's the point of
    hard-coding by MAC without IP?) Or rewrite the application so that
    the client sends out Whosvills ("We are here!" messages), possibly
    via multicast.

  3. Re: Determining IP address from MAC address

    You are correct, the MAC could be associated with more that one ip
    address, .i.e ip address aliases etc.

    I was under the impression that reverse arp is not the same as inverse
    arp. Reverse arp is machine sends a reverse arp packet with its MAC to
    determine its own IP address (ie the rarpd server responds). Inverse
    arp is some other host on the network needs to figure out the IP of a
    different machine (ie. not itself).

    Does linux support sending these packets, if so how? Also are the ip
    stacks of most operating systems Windows, HP-UX, AIX, Solaris etc
    configured to respond appropriately so that the arp table will then
    contain the appropriate entry.

    Thanks



    Walter Roberson wrote:
    > In article <1150126387.901049.172280@g10g2000cwb.googlegroups. com>,
    > wrote:
    > > I have a MAC address for a given system and need to be able to
    > >programatically determine it's IP address for use with a TCP-IP based
    > >application.

    >
    > Is it certain that it has exactly one IP address? Not zero IP
    > addresses and not 2 IP or more IP addresses?
    >
    > > Clearly, the ip address might be in the arp table for ced
    > >host but the problem occurs when it is not. The options as I see it
    > >are

    >
    > >1) broadcast ping (programmatically horrible as every host on the
    > >network will respond)

    >
    > In my experience, roughly 1/3 of hosts will respond to a broadcast
    > ping, and the rest will ignore it. There does appear to be a correlation
    > to operating system, but not a strict correlation.
    >
    > >2) inverse arp lookup

    >
    > >My questions are:
    > >
    > >1) Does linux support the inverse arp protocol,

    >
    > Yup, search for rarpd
    >
    > >as various resources
    > >I've seen indicate it is primarily used for frame relay? If so could
    > >you direct me to the appropriate resources as I've been unable to
    > >determine if linux supports this.
    > >
    > >2) What other methods could I use to obtain this information?

    >
    > rarp is not particularily reliable for this kind of work.
    >
    > If you are using a hub, sniff the ARP packets (or all packets) to find
    > instances in which the target host happened to send out an IP packet.
    >
    > If you are using a managed switch, use SNMP to poll the port ARP entries.
    > (NB: Roberson's Rule of SNMP: "Switches Lie.") Oh, and figure out
    > what you are going to do about VLANs, because if you have VLANs the
    > SNMP can get noticably more complex.
    >
    > If you are using an unmanaged switch... Ummm, replace it with a
    > managed switch. Or find a way to poll the DHCP server that handed out
    > the IP address (if you aren't using DHCP then what's the point of
    > hard-coding by MAC without IP?) Or rewrite the application so that
    > the client sends out Whosvills ("We are here!" messages), possibly
    > via multicast.



  4. Re: Determining IP address from MAC address

    wrote in message
    news:1150140260.301081.107940@f6g2000cwb.googlegro ups.com...
    > You are correct, the MAC could be associated with more that one ip
    > address, .i.e ip address aliases etc.
    >
    > I was under the impression that reverse arp is not the same as inverse
    > arp. Reverse arp is machine sends a reverse arp packet with its MAC to
    > determine its own IP address (ie the rarpd server responds). Inverse
    > arp is some other host on the network needs to figure out the IP of a
    > different machine (ie. not itself).


    True. Doubt many machines in a typical internal network have either turned
    on these days very often.
    >
    > Does linux support sending these packets, if so how? Also are the ip
    > stacks of most operating systems Windows, HP-UX, AIX, Solaris etc
    > configured to respond appropriately so that the arp table will then
    > contain the appropriate entry.


    i suggest a variation on Walters scheme - use SNMP to pull the ARP table
    from a device you "know" will have a reasonable ARP table, and search that.
    Good candidates are a local file / authentication server if you have a
    "flat" network, or the router that acts as default gateway for the
    subnet(s).

    Note that this is easy for a small network with a few subnets and central
    router or layer 3 switch, and completely impractical for a big network with
    100s of sites and a large WAN.

    However - if you plan to do this on a really big network, then it is worth
    asking if the info you want is already in a server somewhere - they may run
    a centralised server for MAC / Name / IP mapping such as QIP, or they may
    use a central net management system that collects such info.....

    this ignores a few nasties
    - any devices with managed MAC addresses (ie no fixed MAC? - common if
    there is some Token Ring lying around).
    - servers where 3 or 4 interfaces with different MAC addresses share the
    same IP (or switches with 100s of MACs and only 1 IP)?
    - devices with 2 or more IP on the same interface, so sahring the same MAC?
    - devices not running IP at all?
    - IP addresses without any MAC? (WAN interfaces on routers, loopback
    interfaces)

    Also - i think i agree with Walter. If you have a need for IP addresses, but
    only get given the MAC address there is a hole in your requirements to
    solution mapping somewhere.....
    >
    > Thanks
    >
    >
    >
    > Walter Roberson wrote:
    > > In article <1150126387.901049.172280@g10g2000cwb.googlegroups. com>,
    > > wrote:
    > > > I have a MAC address for a given system and need to be able to
    > > >programatically determine it's IP address for use with a TCP-IP based
    > > >application.

    > >
    > > Is it certain that it has exactly one IP address? Not zero IP
    > > addresses and not 2 IP or more IP addresses?
    > >
    > > > Clearly, the ip address might be in the arp table for ced
    > > >host but the problem occurs when it is not. The options as I see it
    > > >are

    > >
    > > >1) broadcast ping (programmatically horrible as every host on the
    > > >network will respond)

    > >
    > > In my experience, roughly 1/3 of hosts will respond to a broadcast
    > > ping, and the rest will ignore it. There does appear to be a correlation
    > > to operating system, but not a strict correlation.
    > >
    > > >2) inverse arp lookup

    > >
    > > >My questions are:
    > > >
    > > >1) Does linux support the inverse arp protocol,

    > >
    > > Yup, search for rarpd
    > >
    > > >as various resources
    > > >I've seen indicate it is primarily used for frame relay? If so could
    > > >you direct me to the appropriate resources as I've been unable to
    > > >determine if linux supports this.
    > > >
    > > >2) What other methods could I use to obtain this information?

    > >
    > > rarp is not particularily reliable for this kind of work.
    > >
    > > If you are using a hub, sniff the ARP packets (or all packets) to find
    > > instances in which the target host happened to send out an IP packet.
    > >
    > > If you are using a managed switch, use SNMP to poll the port ARP

    entries.
    > > (NB: Roberson's Rule of SNMP: "Switches Lie.") Oh, and figure out
    > > what you are going to do about VLANs, because if you have VLANs the
    > > SNMP can get noticably more complex.
    > >
    > > If you are using an unmanaged switch... Ummm, replace it with a
    > > managed switch. Or find a way to poll the DHCP server that handed out
    > > the IP address (if you aren't using DHCP then what's the point of
    > > hard-coding by MAC without IP?) Or rewrite the application so that
    > > the client sends out Whosvills ("We are here!" messages), possibly
    > > via multicast.

    >

    --
    Regards

    stephen_hope@xyzworld.com - replace xyz with ntl



  5. Re: Determining IP address from MAC address

    In article ,
    Walter Roberson wrote:
    >Or rewrite the application so that
    >the client sends out Whosvills ("We are here!" messages), possibly
    >via multicast.


    Minor correction: that should be "Whovilles", not "Whosvills" ;-)

  6. Re: Determining IP address from MAC address

    The problem is that this information cannot be changed as the only
    information available from the host is the mac address (situation is
    snmpwalk of snmp VMWare ESX agent, contains the mac address of the vm's
    but not their ip address since the vm is a black box to VMware). Since
    the ESX system doesn't talk to vm for the most part, the arp table is
    missing the expected entries.

    There is no DHCP involved and clearly I cannot change the information
    reported by a third party snmp agent and VMWare doesn't know the ip
    addresses.

    Using the arp tables from managed switches and snooping packets is
    useful but not workable in a programmatic manner as this could work on
    my internal systems but not in another environment.

    So the problem remains, how to get an IP address from a MAC address.

    TIA


    Hping2 doesn't seem to support pinging by MAC address at least not
    according to the latest development version.

    The only option as I see it is to send an inverse arp packet by sending
    an ethernet fragment, however, I'm not convinced that any operating
    systems support responding to this protocol.

    Anyone know if the major *nix oses (Linux, AIX, Windows,HP-UX, AIX ...)
    support the inverse arp protocol?


    Walter Roberson wrote:
    > In article ,
    > Walter Roberson wrote:
    > >Or rewrite the application so that
    > >the client sends out Whosvills ("We are here!" messages), possibly
    > >via multicast.

    >
    > Minor correction: that should be "Whovilles", not "Whosvills" ;-)



  7. Re: Determining IP address from MAC address

    ian.neal@gmail.com wrote:
    > I have a MAC address for a given system and need to be able to
    > programatically determine it's IP address for use with a TCP-IP
    > based application. Clearly, the ip address might be in the arp
    > table for ced host but the problem occurs when it is not. The
    > options as I see it are


    > 1) broadcast ping (programmatically horrible as every host on the
    > network will respond)


    Not that there is a guarantee of a response, but couldn't you send the
    broadcast ICMP Echo Request in a Unicast Ethernet frame straight to
    the MAC in question? Or do such things get filtered these days?

    It does still depend on the system in question being in the same IP
    subnet, or having a route back to your IP address. I guess though
    that if you have a reasonable expectation of running a TCP/IP
    application it would have that connectivity

    rick jones
    --
    The glass is neither half-empty nor half-full. The glass has a leak.
    The real question is "Can it be patched?"
    these opinions are mine, all mine; HP might not want them anyway...
    feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

+ Reply to Thread