Reverse or inverse ARP from windows/linux - no way (!?!?)
in [Design]
|
From: JosephKK on 2 Apr 2010 00:14 On Wed, 31 Mar 2010 21:09:46 -0700, "JosephKK"<quiettechblue(a)yahoo.com> wrote: >On Wed, 31 Mar 2010 00:31:23 +0200, Hans-Bernhard Bröker <HBBroeker(a)t-online.de> wrote: > >>Didi wrote: >>> On Mar 30, 1:44 am, Hans-Bernhard Bröker <HBBroe...(a)t-online.de> >>> wrote: >>>> Didi wrote: >> >>>>> I tried today to figure out a simple way to give users of our >>>>> new netmca (http://tgi-sci.com/tgi/nmcatb.htm) to locate its >>>>> IP address once it gets one via dhcp when there is no internet >>>>> at the moment >> >>>> I believe that, strictly speaking, that can't happen. If you have no >>>> internet at the moment, you don't have DHCP either. Remember that DHCP >>>> itself is a UDP service. > >>>>UDP in turn works on top of IP, and that, for >>>> better or for worse, is "internet". > >This erroneous statement alone shows that you are ill prepared to participate >in this discussion. If you think UDP "sits" on top of IP you are very mistaken. >It is a parallel (at the same level) link/transport protocol. Arrghkk, gllujk, orwrrpp. (translation ankle tastes soo good) > >Moreover, you desired email reply shows arrogant disregard for USENET norms. This still stands. >> >> > There are DHCP servers in the absence of internet. >> >>That's only true for a meaning of the term "internet" that IMHO rather >>strictly contradicts with your self-proclaimed expertise in internet >>technologies. What exactly did the 'I' in IP mean again? >> ><Snip>
From: Hans-Bernhard Bröker on 2 Apr 2010 12:30 [F'up2 poster, _again_] JosephKK wrote: > Moreover, you desired email reply shows arrogant disregard for USENET norms. Well, so did the OP (by failing to set any Followup-To at all, and X-posting to at least one totally off-topic newsgroup). And in his utterance that I replied to, _he_ dropped to a level of discussion that was off-topic for all three newsgroup, and unfit for anything but private discussion. I'm quite sure it's well within USENET norms to redirect discussion of off-topic ad-hominem attacks to more appropriate ways of discussion. _Ignoring_ such redirects, like you did, is not.
From: Przemek Klosowski on 3 Apr 2010 00:33 On Fri, 26 Mar 2010 00:14:36 -0700, Didi wrote: > Just made the device attempt it every 20 seconds or so - the user being able > to turn that on/off. Just make the device send a packet to the broadcast address, or to FF:FF:FF:FF:FF:FF every 20 seconds, containing its ID (well, it'll contain the MAC as the source address already, but you could also add more info e.g. the time since turned on or other information that may be helpful to distinguish between multiple devices). Every host on their local subnet will receive such packets, so it'll be a simple matter of programming to get the info you need.
From: JosephKK on 3 Apr 2010 02:56 On Fri, 02 Apr 2010 18:30:16 +0200, Hans-Bernhard Bröker <HBBroeker(a)t-online.de> wrote: >[F'up2 poster, _again_] > >JosephKK wrote: > >> Moreover, you desired email reply shows arrogant disregard for USENET norms. > >Well, so did the OP (by failing to set any Followup-To at all, and >X-posting to at least one totally off-topic newsgroup). And in his >utterance that I replied to, _he_ dropped to a level of discussion that >was off-topic for all three newsgroup, and unfit for anything but >private discussion. > >I'm quite sure it's well within USENET norms to redirect discussion of >off-topic ad-hominem attacks to more appropriate ways of discussion. >_Ignoring_ such redirects, like you did, is not. No. You asking for email reply is abnormal. Rechecking the thread a bit i did not see any serious ad hominem either. Perhaps you are reading different posts than i am, perhaps not.
From: gopher on 4 Apr 2010 03:37
On Mar 25, 2:54 pm, Didi <d...(a)tgi-sci.com> wrote: > I tried today to figure out a simple way to give users of our > new netmca (http://tgi-sci.com/tgi/nmcatb.htm) to locate its > IP address once it gets one via dhcp when there is no internet > at the moment (when there is the device posts its IP to our domain > and customers can see it using a browser). > > Turned out there is nothing like an easy way to do that! > > There are some utilities which can be used to ping the entire subnet; > then list the arp cache, locate the known MAC address and > see its IP. But these are far from something one would want to ask > customers to deal with, long lists, necessity to search etc. , heck, > it > will generate more calls to me than if I do it for them every time. > > In an attempt to solve it I spent 10 minutes adding RARP reply > to our device Ethernet related stuff - so it would reply to an ARP > inquiry #3 by sending its IP address (it only has one); and then spent > perhaps 3 hours googling, moogling, you name it, searching for some > piece of code to do that at the wintel side. Even rebooted the wintel > laptop to ubuntu to try it out from there (thought arp -r or something > would just work), oh no. No way. Spent perhaps half an hour of > moogling for linux rarp, same thing. > > How on Earth is that possible?! I can understand how many things > are retarded as one would expect them to be on a x86 based thing, > but this is too simple even for the x86 world. > > Any ideas? I have not faced the issue in real life yet (users tend > to have internet) but this is bound to happen and I am looking for > some solution. > > Dimiter > > ------------------------------------------------------ > Dimiter Popoff Transgalactic Instruments > > http://www.tgi-sci.com > ------------------------------------------------------http://www.flickr.com/photos/didi_tgi/sets/72157600228621276/ Okay, perhaps we can steer this back to the original question?... Is there a (easy) way to generate an Inverse ARP from a WIndows and/or Linux workstation? (or any other device, like a cisco switch or router) My notes to add to the mess: - We have identified an "interesting mac" address on the network (most likely noticed on a switches mac table) but we don't know it's IP address. - we're assuming it has an IP address. (not netware or appletalk or...) - We are not asking about Reverse ARP, that's different than Inverse ARP. Reveres ARP issued by me is me asking for my own IP address. RARP was a predecessor to bootp/dhcp. - Inverse arp is sent to a mac address and asks that mac what his/her IP address is. - Not everyone responds to a Broadcast ping to 255.255.255.255, so those results are not guaranteed to get the "interesting" mac to respond and add an entry to your arp table - Not everyone responds to a subnet Broadcast ping to 172.16.3.255 (assuming the subnet is 172.16.3.0/24), so those results are not guaranteed to get the "interesting" mac to respond. - Not everyone responds to a ping to 172.16.3.0 (assuming the subnet is 172.16.3.0/24), so those results are not guaranteed to get the "interesting" mac to respond. - the interesting mac may not be using DHCP, it may be statically assigned an IP address and mask. - the interesting mac may be programmed for a different subnet than what we think the switch port should be on (say our subnet is 172.16.3.0/24 and the "interesting mac" is quietly sitting there programmed for 10.20.30.153/24) - because of the above, even a ip address scan of the subnet you think it's on (172.16.3.0/24) isn't going to get a response from the interesting mac. So, it would be really cool if you could generate an Inverse-arp to the "interesting mac" to say "hey! what's your IP address?". Of course if someone has such a command, the next question will be what percentage of devices will actually respond to it? port mirroring to a sniffer (Wireshark) is another way to see it's IP address, if it's sending anything. anyway, that's where this posting started (I think). Can anyone answer that initial question about generating an Inverse-arp? Cheers - Glen#2 |