
Thread: ip and mac addresses logging.

  1. #11
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    19,717
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by tsu2 View Post
    You can query the target for MAC addresses which is different than detecting the address as reported by the network connection which is what you're suggesting here and is the basis of the post by @eng-int.

    TSU
    ???

    Best to wait until the OP clarifies network topology and access rights before speculating further, but I've already suggested how MAC addresses can be discovered on a remote subnet assuming an administrator POV.
    openSUSE Leap 15.0; KDE Plasma 5

  2. #12
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,295
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by deano_ferrari View Post
    ???

    Best to wait until the OP clarifies network topology and access rights before speculating further, but I've already suggested how MAC addresses can be discovered on a remote subnet assuming an administrator POV.
    Network topology is not absolutely necessary beyond what he already described.

    I don't remember the exact scanner I used long ago, but a simple survey of scanners that do retrieve the MAC address of target hosts tells us how it's done...

    The most obvious method first that works only when on the same physical network is what you describe, which is to simply ping all the hosts in the same network and read the network connection properties off each successful network connection. This will succeed no matter whether the target machines are willing to reveal any more information than is necessary.

    All scanners that retrieve information like MAC addresses from targets in remote networks have to be queried for the information and depending on the security level of the target, may or may not be willing to respond to such queries... So one way is as you describe which is to authenticate using SNMP. There are other ways to authenticate including LDAP, Active Directory, knowing the specific login credentials of the remote machine, and so on... You should get the idea. Once the scanner can log into the remote target, the machine can be asked to do various things to provide more info than usual including the topic of this thread which is the MAC address... So for instance the scanner might request the target to run ifconfig or ipconfig/WMI and return the results.

    Needless to say, careless security or security which allows easy access in some way can unintentionally enable things like getting the MAC address easily.

    Another way that was described is pretty obvious but may not apply here... You can install an agent running either on each remote host or on a single host in the remote network that does the work for you. I've done that a few times setting up Nagios. An agent may already be running on the remote network like a DHCP server or a Residential Gateway or Access Point which will have all the MAC addresses for the clients they serve.

    Another way I've gotten remote addresses of machines on public networks is that ISPs often assign names to their customers that include the MAC and/or IP address for internal management purposes and those names are easily discoverable; I assume no one does that regularly in their own private network.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  3. #13
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    19,717
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by tsu2 View Post
    Network topology is not absolutely necessary beyond what he already described.
    Tsu - you haven't told me anything I do not already know, and already hinted at in my previous replies.

    Once the scanner can log into the remote target, the machine can be asked to do various things to provide more info than usual including the topic of this thread which is the MAC address... So for instance the scanner might request the target to run ifconfig or ipconfig/WMI and return the results.

    Needless to say, careless security or security which allows easy access in some way can unintentionally enable things like getting the MAC address easily.

    Another way that was described is pretty obvious but may not apply here... You can install an agent running either on each remote host or on a single host in the remote network that does the work for you. I've done that a few times setting up Nagios. An agent may already be running on the remote network like a DHCP server or a Residential Gateway or Access Point which will have all the MAC addresses for the clients they serve.
    As I already suggested (posts #2 and #7 without the verbosity)!
    Last edited by deano_ferrari; 02-Feb-2019 at 14:34.
    openSUSE Leap 15.0; KDE Plasma 5

  4. #14
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,295
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    Yes, I'm sure that what I ended up describing was known to you, however the point I felt needed to be made is that SNMP and MIBs aren't the only way or even necessarily the most common way for non-enterprise Users to collect MAC addresses.

    Although my initial comment about querying the target for the info was maybe too brief to be easily understood, the additional examples and methods I described might help less experienced Users.

    TSU

  5. #15
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    19,717
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by tsu2 View Post
    Yes, I'm sure that what I ended up describing was known to you, however the point I felt needed to be made is that SNMP and MIBs aren't the only way or even necessarily the most common way for non-enterprise Users to collect MAC addresses.
    Yes, it was just mentioned as a possibility.

    Although my initial comment about querying the target for the info was maybe too brief to be easily understood, the additional examples and methods I described might help less experienced Users.

    TSU
    All good.
    Last edited by deano_ferrari; 02-Feb-2019 at 14:48.
    openSUSE Leap 15.0; KDE Plasma 5

  6. #16
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    996

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by tsu2 View Post
    SNMP is the protocol (ie Simple Network Management Protocol).
    The MIB is the database used to define and store the specific metrics desired. MIBs are generally published for specific needs on particular devices, then SNMP applications can query the device for that information. As you've noticed, if you don't install the kind of MIB you want on that particular device, then you won't be able to use SNMP to query that device.

    As I described, it's not really the best approach for the question you asked, but SNMP is more often used to manage (display readings, make changes to) network devices.

    TSU
    Thank you very much.
    Thanks for helping. JCD
    __________

    server leap 15-- ASUS g75vw KDE leap 42.3 -- ASUS g750JZ KDE leap 42.3 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  7. #17
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    996

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by tsu2 View Post
    Something like nmap can return results in tabular form.
    If you want a scan displayed graphically, you can run something like EtherApe.

    I wouldn't scan for something like SNMP, you're only querying members of the SNMP organization.

    TSU
    Code:
    ~ # nmap -sP 192.168.2.0/24
    
    Starting Nmap 6.47 ( http://nmap.org ) at 2019-02-03 16:21 CET
    Nmap scan report for 192.168.2.42
    Host is up (0.0014s latency).
    Nmap scan report for 192.168.2.200
    Host is up (0.032s latency).
    Nmap done: 256 IP addresses (2 hosts up) scanned in 9.20 seconds
    Run on root console from subnet 3 (from where I am).
    Nothing about MAC address nor hostname; seems because that does not cross router.
    Thanks for helping. JCD
    __________

    server leap 15-- ASUS g75vw KDE leap 42.3 -- ASUS g750JZ KDE leap 42.3 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  8. #18
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    996

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by eng-int View Post
    I just do not understand the “network diagram”.

    Is there an internet terminating device (as might be used to terminate an optical circuit) with multiple isolated Ethernet ports, connected to the WAN ports of each of the three routers?

    Or is there a single (e.g. DSL) feed to the modem port of router-0, with router-0 having multiple Ethernet ports configured as a LAN switch, and two of these LAN ports connected to the WAN ports of router-A and router-B? This means that router-0 must be configured with three local network addresses (e.g. eth0:2 192.168.2.1/24, eth0:3 192.168.3.1/24 and eth0:4 192.168.4.1/24) if it is to act as an Internet gateway for the three LANs.

    In the latter case the putative Linux host can be furnished with an IP similar to 192.168.4.x/21. This would enable it to reach (e.g. ping) all devices on all three LANs. Then something like
    Code:
    # arp-scan 192.168.0.0/21
    would discover all connected interfaces on the three LANs (subnets). (If you had used 192.168.1/24, 192.168.2/24 and 192.168.3/24 you would only have to scan 192.168.0.0/22)
    Internet comes to router 1.
    On router 1
    One port is for subnet 1; there is some device on subnet 1 with address 192.168.2.xxx
    One port is connected to router 2

    On router 2
    One port is for subnet 2; there is some device on subnet 2 with address 192.168.3.xxx
    One port is connected to router 3

    On router 3 the network address is 192.168.4.xxx
    This is where I am connected.
    This is from where I would like to get device name, IP, and MAC address.


    If that helps for my question.
    Thanks for helping. JCD
    __________

    server leap 15-- ASUS g75vw KDE leap 42.3 -- ASUS g750JZ KDE leap 42.3 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  9. #19
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    25,781
    Blog Entries
    15

    Default Re: ip and mac addresses logging.

    On Sun 03 Feb 2019 03:36:03 PM CST, jcdole wrote:

    tsu2;2892995 Wrote:
    > Something like nmap can return results in tabular form.
    > If you want a scan displayed graphically, you can run something like
    > EtherApe.
    >
    > I wouldn't scan for something like SNMP, you're only querying members
    > of the SNMP organization.
    >
    > TSU



    Code:
    --------------------
    ~ # nmap -sP 192.168.2.0/24

    Starting Nmap 6.47 ( http://nmap.org ) at 2019-02-03 16:21 CET
    Nmap scan report for 192.168.2.42
    Host is up (0.0014s latency).
    Nmap scan report for 192.168.2.200
    Host is up (0.032s latency).
    Nmap done: 256 IP addresses (2 hosts up) scanned in 9.20 seconds


    --------------------


    Run on root console from subnet 3 (from where I am).
    Nothing about MAC address nor hostname; seems because that does not
    cross router.


    Hi
    So are all three routers capable of snmp?

    --
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SLES 15 | GNOME Shell 3.26.2 | 4.12.14-25.25-default
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!


  10. #20
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    996

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by eng-int View Post
    I just do not understand the “network diagram”.

    Is there an internet terminating device (as might be used to terminate an optical circuit) with multiple isolated Ethernet ports, connected to the WAN ports of each of the three routers?

    Or is there a single (e.g. DSL) feed to the modem port of router-0, with router-0 having multiple Ethernet ports configured as a LAN switch, and two of these LAN ports connected to the WAN ports of router-A and router-B? This means that router-0 must be configured with three local network addresses (e.g. eth0:2 192.168.2.1/24, eth0:3 192.168.3.1/24 and eth0:4 192.168.4.1/24) if it is to act as an Internet gateway for the three LANs.

    In the latter case the putative Linux host can be furnished with an IP similar to 192.168.4.x/21. This would enable it to reach (e.g. ping) all devices on all three LANs. Then something like
    Code:
    # arp-scan 192.168.0.0/21
    would discover all connected interfaces on the three LANs (subnets). (If you had used 192.168.1/24, 192.168.2/24 and 192.168.3/24 you would only have to scan 192.168.0.0/22)
    From a root console :

    Code:
    ~ # arp-scan 192.168.0.0/22
    Interface: gvw_eth0, datalink type: EN10MB (Ethernet)
    Starting arp-scan 1.9 with 1024 hosts (http://www.nta-monitor.com/tools/arp-scan/)
    192.168.3.32    c0:ff:d4:80:a7:d5       (Unknown)
    
    1 packets received by filter, 0 packets dropped by kernel
    Ending arp-scan 1.9: 1024 hosts scanned in 5.686 seconds (180.09 hosts/sec). 1 responded
    Code:
    arp-scan 192.168.2.0/22
    Interface: gvw_eth0, datalink type: EN10MB (Ethernet)
    WARNING: host part of 192.168.2.0/22 is non-zero
    Starting arp-scan 1.9 with 1024 hosts (http://www.nta-monitor.com/tools/arp-scan/)
    192.168.3.32    c0:ff:d4:80:a7:d5       (Unknown)
    
    1 packets received by filter, 0 packets dropped by kernel
    Ending arp-scan 1.9: 1024 hosts scanned in 5.691 seconds (179.93 hosts/sec). 1 responded
    Code:
    arp-scan 192.168.3.0/24
    Interface: gvw_eth0, datalink type: EN10MB (Ethernet)
    WARNING: host part of 192.168.3.0/22 is non-zero
    Starting arp-scan 1.9 with 1024 hosts (http://www.nta-monitor.com/tools/arp-scan/)
    192.168.3.32    c0:ff:d4:80:a7:d5       (Unknown)
    
    1 packets received by filter, 0 packets dropped by kernel
    Ending arp-scan 1.9: 1024 hosts scanned in 5.803 seconds (176.46 hosts/sec). 1 responded
    Code:
    arp-scan 192.168.4.0/24
    Interface: gvw_eth0, datalink type: EN10MB (Ethernet)
    WARNING: host part of 192.168.130.0/22 is non-zero
    Starting arp-scan 1.9 with 1024 hosts (http://www.nta-monitor.com/tools/arp-scan/)
    192.168.130.20    d8:6c:e9:42:eb:8d       SAGEMCOM SAS
    192.168.130.70    98:e7:f4:5f:de:2c        (Unknown)
    192.168.130.100  78:24:af:29:48:93       (Unknown)
    192.168.130.103  30:05:5c:3a:e3:af        Brother industries, LTD.
    192.168.130.230  c0:ff:d4:80:a7:d5        (Unknown)
    
    5 packets received by filter, 0 packets dropped by kernel
    Ending arp-scan 1.9: 1024 hosts scanned in 5.701 seconds (179.62 hosts/sec). 5 responded

    Any comment is welcome.
    Thanks for helping. JCD
    __________

    server leap 15-- ASUS g75vw KDE leap 42.3 -- ASUS g750JZ KDE leap 42.3 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W
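
An added example, not part of any post in this thread: a Python sketch that checks the /21 versus /22 prefix remark quoted above and turns arp-scan output into IP/MAC records, flagging a MAC that appears under more than one IP and replies from outside the range that was scanned. The function names are hypothetical and the sample output is constructed in the arp-scan 1.9 layout shown in the posts.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the arp-scan 1.9 layout seen in the thread; the
# addresses, MACs and vendor names are made up, not taken from the posts.
SAMPLE = """\
Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.4.1\t02:00:5e:10:00:01\t(Unknown)
192.168.4.20\t02:00:5e:10:00:14\tExample Vendor A
192.168.3.32\t02:00:5e:10:00:01\t(Unknown)

3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9: 256 hosts scanned in 1.9 seconds (134.74 hosts/sec). 3 responded
"""

ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*(.*)$", re.I)

def covering_network(cidrs):
    """Smallest single network that contains every listed subnet."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()
    return cover

def parse_arp_scan(text):
    """Return (ip, mac, vendor) tuples, skipping banner and summary lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:      # looks like a row but is not a valid IPv4 address
            continue
        rows.append((ip, m.group(2).lower(), m.group(3).strip()))
    return rows

def audit(rows, scanned_cidr):
    """Flag MACs answering for several IPs, and replies outside the scanned range."""
    net = ipaddress.ip_network(scanned_cidr, strict=False)  # accept a non-zero host part
    by_mac = defaultdict(set)
    for ip, mac, _ in rows:
        by_mac[mac].add(ip)
    multi = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    outside = sorted(ip for ip, _, _ in rows if ip not in net)
    return multi, outside
```

`covering_network` gives 192.168.0.0/21 for the 2/3/4 subnets and 192.168.0.0/22 for 1/2/3, matching the quoted remark; `audit(parse_arp_scan(SAMPLE), "192.168.4.0/24")` reports the one MAC seen on two IPs and the one reply from outside the scanned /24.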
