Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: ip and mac addresses logging.

  1. #1
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    996

    Default ip and mac addresses logging.

    Hello.

    Here is the network diagram :

    Code:
    <INTERNET>
         |
    <ISP MODEM / ETHERNET + WIFI ROUTER> WIFI IS DISABLED
         | |
         | | 192.168.2.0/24 
         | |
         | +------------>   subnet 1
         |
         |
    <NETGEAR - ROUTER A> ETHERNET - NO WIFI HARDWARE
         | |
         | | 192.168.3.0/24
         | |
         | +------------>  subnet 2
         |
         |
    <NETGEAR - ROUTER B>  ETHERNET + WIFI ROUTER
         |
         | 192.168.4.0/24
         |
         +------->  subnet 3
     
    ETHERNET + WIFI connections
    Is there a way to get all the IP and associated MAC addresses of all devices of the three subnets from a linux computer on subnet 3 ?

    Any help is welcome.
    Thanks for helping. JCD
    __________

    server leap 15-- ASUS g75vw KDE leap 42.3 -- ASUS g750JZ KDE leap 42.3 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  2. #2
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    19,716
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    You need to look at the respective routers ARP tables for that information. Hosts employing SNMP or WMI may be able to be queried for more information, so that might form the basis of a discovery script (after an initial nmap scan to determine IP addresses of connected hosts present). Another 'hybrid' option might be to have a host (eg Raspberry Pi) in each subnet that can collect the IP and MAC addresses and share these to your Linux machine via some method.
    openSUSE Leap 15.0; KDE Plasma 5

  3. #3
    Join Date
    Jun 2008
    Location
    South-West France
    Posts
    996

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by deano_ferrari View Post
    You need to look at the respective routers ARP tables for that information. Hosts employing SNMP or WMI may be able to be queried for more information, so that might form the basis of a discovery script (after an initial nmap scan to determine IP addresses of connected hosts present). Another 'hybrid' option might be to have a host (eg Raspberry Pi) in each subnet that can collect the IP and MAC addresses and share these to your Linux machine via some method.
    SNMP is anything but easy.
    I have read some tutorials but I don't see by what to begin.
    I have installed munin but I don't know if it is usefull.
    I don't understand the relationship between snmp and mibs.
    I suppose that I must enable and configure snmp on each router.

    I need some tutorials on SNMP which should be more developed in the explanations than the one's i read.
    Thanks for helping. JCD
    __________

    server leap 15-- ASUS g75vw KDE leap 42.3 -- ASUS g750JZ KDE leap 42.3 -- acer aspire s13 win 10 home -- HP Omen win 10 home - scan EPSON V500 - Brother HL2250DN - Samsung CLP-325W

  4. #4
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,289
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    Because these are routing devices, then each network has its own unique NetworkID.

    Simplest is to simply run a network scanner against that particular network, as long as the device doing the scanning can "see" the network, everything about the found machines should be retrievable including IP addresses and MAC addresses (can also be anything and everything else the machine is willing to divulge).

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,289
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    Something like nmap can return results in tabular form.
    If you want a scan displayed graphically, you can run something like EtherApe.

    I wouldn't scan for something like SNMP, you're only querying members of the SNMP organization.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  6. #6
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,289
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by jcdole View Post
    SNMP is anything but easy.
    I have read some tutorials but I don't see by what to begin.
    I have installed munin but I don't know if it is usefull.
    I don't understand the relationship between snmp and mibs.
    I suppose that I must enable and configure snmp on each router.

    I need some tutorials on SNMP which should be more developed in the explanations than the one's i read.
    SNMP is the protocol (ie Simple Network Management Protocol).
    The MIB is the database used to define and store the specific metrics desired. MIBs are generally published for specific needs on particular devices, then SNMP applications can query the device for that information. As you've noticed, if you don't install the kind of MIB you want on that particular device, then that device, you won't be able to use SNMP to query that device.

    As I described, it's not really the best approach for the question you asked, but SNMP is more often used manage (display readings, make changes to) network devices.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  7. #7
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    19,716
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by jcdole View Post
    SNMP is anything but easy.
    I have read some tutorials but I don't see by what to begin.
    I have installed munin but I don't know if it is usefull.
    I don't understand the relationship between snmp and mibs.
    I suppose that I must enable and configure snmp on each router.

    I need some tutorials on SNMP which should be more developed in the explanations than the one's i read.
    I've already mentioned the router inspection approach. You haven't' really illuminated what access you have to these networks, hence we're left to speculate. The suggestion to use nmap won't help with respect to MAC addresses of hosts connected to other networks. My last suggestion about using a monitoring device within each network that you can connect to is probably the most pragmatic way to get collated IP/MAC information.
    openSUSE Leap 15.0; KDE Plasma 5

  8. #8
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    19,716
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by tsu2 View Post
    SNMP is the protocol (ie Simple Network Management Protocol).
    The MIB is the database used to define and store the specific metrics desired. MIBs are generally published for specific needs on particular devices, then SNMP applications can query the device for that information. As you've noticed, if you don't install the kind of MIB you want on that particular device, then that device, you won't be able to use SNMP to query that device.

    As I described, it's not really the best approach for the question you asked, but SNMP is more often used manage (display readings, make changes to) network devices.

    TSU
    While it wouldn't be my first approach either, I have seen such methods employed to derive such information via the use of snmpwalk interrogation switches and routers connected to remote networks.
    openSUSE Leap 15.0; KDE Plasma 5

  9. #9
    Join Date
    Oct 2008
    Location
    Glasgow, Scotland
    Posts
    1,127

    Default Re: ip and mac addresses logging.

    I just do not understand the “network diagram”.

    Is there an internet terminating device (as might be used to terminate an optical dircuit) with multiple isolated Ethernet ports, connected to the WAN ports of each of the three routers?

    Or is there a single (e.g. DSL) feed to the modem port of router-0, with router-0 having multiple Ethernet ports configured as a LAN switch, and two of these LAN ports connected to the WAN ports of router-A and router-B? This means that router-0 must be configured with three local network addresses (e.g. eth0:2 192.168.2.1/24, eth0:3 192.168.3.1/24 and eth0:4 192.168.4.1/24) if it is to act as an Internet gateway for the three LANs.

    In the latter case the putative Linux host can be furnished with an IP similar to 192.168.4.x/21. This would enable it to reach (e.g. ping) all devices on all three LANs. Then something like
    Code:
    # arp-scan 192.168.0.0/21
    would discover all connected interfaces on the three LANs (subnets). (If you had used 192.168.1/24, 192.168.2/24 and 192.168.3/24 you would only have to scan 192.168.0.0/22)
    ~Thank you for sharing an interesting problem.
    --
    slàinte mhath,
    rayH

  10. #10
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,289
    Blog Entries
    1

    Default Re: ip and mac addresses logging.

    Quote Originally Posted by deano_ferrari View Post
    I've already mentioned the router inspection approach. You haven't' really illuminated what access you have to these networks, hence we're left to speculate. The suggestion to use nmap won't help with respect to MAC addresses of hosts connected to other networks. My last suggestion about using a monitoring device within each network that you can connect to is probably the most pragmatic way to get collated IP/MAC information.
    You can query the target for MAC addresses which is different than detecting the address as reported by the network connection which is what you're suggesting here and is the basis of the post by @eng-int.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •