[quagga-users 11308] Re: very newbish question regarding netwok discovery

Peter J. Holzer hjp+quagga at wsr.ac.at
Mon Jan 11 10:11:38 GMT 2010


On 2010-01-10 17:26:14 -0500, Christopher Barry wrote:
> On Sun, 2010-01-10 at 15:36 -0500, Christopher Barry wrote:
> > On Sun, 2010-01-10 at 12:07 -0800, Kurt Buff wrote:
> > > On Sun, Jan 10, 2010 at 11:42, Christopher Barry
> > > <christopher.barry at rackwareinc.com> wrote:
> > > > This Linux image would use OSPF (or some other protocol) to determine
> > > > what networks each interface was attached to. Ideally, no IP addresses
> > > > would be configured on the system during this process. Scripts would
> > > > record this information (e.g. the system interface/attached subnet
> > > > pairing) for future understanding about the system's network
> > > > connectivity.
[...]
> > > I see four possibilities:
[...]
> > Originally I thought I could use arp for this, but a multi-homed system,
> > and routers as well, from what I can gather, will do a form of
> > proxy-arp, so they will respond with the directly connected MAC address
> > of a host, but with an IP from another local interface. This makes
> > isolation essentially impossible.
> 
> As stated above, in a prior posting, arp is not a feasible solution for
> this use case - I have already tried it.
> 
> from the arp-scan user manual located @ 
> http://www.nta-monitor.com/wiki/index.php/Arp-scan_User_Guide#Discovering_other_interface_addresses
> 
> $ arp-scan --interface=eth0 192.168.1.1 10.0.105.225
> 
> 192.168.1.1     00:c0:9f:09:b8:db       QUANTA COMPUTER, INC.
> 10.0.105.225    00:c0:9f:09:b8:db       QUANTA COMPUTER, INC.
> 
> So, doing subnet identification via arp is not possible.

arp-scan is the wrong tool for the job because it determines the MAC
address for a known IP address. You want to determine unknown IP
addresses. You should be able to get a list of used IP addresses on a
subnet by listening for ARP requests:

# tcpdump -n arp
10:46:16.742707 arp who-has 143.130.54.19 tell 143.130.55.24
10:46:16.744094 arp who-has 143.130.55.24 tell 143.130.54.19
10:46:17.064669 arp who-has 143.130.63.254 tell 143.130.55.125
10:46:17.200153 arp who-has 143.130.63.254 tell 143.130.55.93
...


# minnet `tcpdump -n -c 100 arp | awk '{ print $4 }'`
net = 143.130.48.0/20 (143.130.48.0/255.255.240.0) bcast = 143.130.63.255

which is correct.

(minnet is a perl script which determines the minimal network enclosing
the given IP addresses. You can find it in
http://www.hjp.at/apt/debian/dists/lenny/hjp/source/hjp-dnsutils_1.0.orig.tar.gz
(although it doesn't have anything to do with DNS) - as it is it only
works for a single IP network - if you have multiple IP nets on the the
same ethernet, it will report the supernet of all of them, propably
0.0.0.0/0).

        hp

-- 
   _  | Peter J. Holzer    | Auf jedem Computer sollte der Satz Ludwigs II
|_|_) | Sysadmin WSR       | eingeprägt stehen: "Ein ewig Rätsel will ich
| |   | hjp at wsr.ac.at      | bleiben, mir und andern."
__/   | http://www.hjp.at/ |    -- Wolfram Heinrich in desd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.quagga.net/pipermail/quagga-users/attachments/20100111/362239a5/attachment-0001.bin>


More information about the Quagga-users mailing list