At 2003-08-13 12:13:24+0000, Mitch Collinsworth writes: > > If you ping the broadcast addr you will (should) get a reply from > all hosts. This will give you a full arp table that can be > grep'd programatically. The only hitch is that it's possible for > someone to put a firewall or other custom setup on a machine to > prevent it from replying to ping.
A good idea, except that a lot of OSes these days are configured to ignore broadcast pings. That includes FreeBSD, by default (although you can change it with the net.inet.icmp.bmcastecho sysctl). This is because forged broadcast pings were used as DoS attack amplifiers. The only two machines on our office subnet which respond to a broadcast ping are a PC running Windows NT4 and an HP LaserJet printer. I get nothing back from machines running Windows XP, FreeBSD 4.x, and Mac OS X. > Another way would be to decode packets to read the IP from address. > Not sure if tcpdump has that ability or it it would take some > coding. I've always done it with arp myself. I could do that, but on the subnets I'm interested in, the IP addresses in most of the packets aren't local to the subnet (most of the machines on it are routers of one sort or another). Nick B _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
