ip and mac addresses logging.

**jcdole** · 31-Jan-2019, 11:33

Hello.

Here is the network diagram :

Code:

<INTERNET>
     |
<ISP MODEM / ETHERNET + WIFI ROUTER> WIFI IS DISABLED
     | |
     | | 192.168.2.0/24 
     | |
     | +------------>   subnet 1
     |
     |
<NETGEAR - ROUTER A> ETHERNET - NO WIFI HARDWARE
     | |
     | | 192.168.3.0/24
     | |
     | +------------>  subnet 2
     |
     |
<NETGEAR - ROUTER B>  ETHERNET + WIFI ROUTER
     |
     | 192.168.4.0/24
     |
     +------->  subnet 3
 
ETHERNET + WIFI connections

Is there a way to get all the IP and associated MAC addresses of all devices of the three subnets from a linux computer on subnet 3 ?

Any help is welcome.

**deano_ferrari** · 31-Jan-2019, 11:58

You need to look at the respective routers ARP tables for that information. Hosts employing SNMP or WMI may be able to be queried for more information, so that might form the basis of a discovery script (after an initial nmap scan to determine IP addresses of connected hosts present). Another 'hybrid' option might be to have a host (eg Raspberry Pi) in each subnet that can collect the IP and MAC addresses and share these to your Linux machine via some method.

**jcdole** · 01-Feb-2019, 03:10

Originally Posted by deano_ferrari

You need to look at the respective routers ARP tables for that information. Hosts employing SNMP or WMI may be able to be queried for more information, so that might form the basis of a discovery script (after an initial nmap scan to determine IP addresses of connected hosts present). Another 'hybrid' option might be to have a host (eg Raspberry Pi) in each subnet that can collect the IP and MAC addresses and share these to your Linux machine via some method.

SNMP is anything but easy.
I have read some tutorials but I don't see by what to begin.
I have installed munin but I don't know if it is usefull.
I don't understand the relationship between snmp and mibs.
I suppose that I must enable and configure snmp on each router.

I need some tutorials on SNMP which should be more developed in the explanations than the one's i read.

**tsu2** · 01-Feb-2019, 12:09

Because these are routing devices, then each network has its own unique NetworkID.

Simplest is to simply run a network scanner against that particular network, as long as the device doing the scanning can "see" the network, everything about the found machines should be retrievable including IP addresses and MAC addresses (can also be anything and everything else the machine is willing to divulge).

TSU

**tsu2** · 01-Feb-2019, 12:13

Something like nmap can return results in tabular form.
If you want a scan displayed graphically, you can run something like EtherApe.

I wouldn't scan for something like SNMP, you're only querying members of the SNMP organization.

TSU

**tsu2** · 01-Feb-2019, 12:20

Originally Posted by jcdole

SNMP is anything but easy.
I have read some tutorials but I don't see by what to begin.
I have installed munin but I don't know if it is usefull.
I don't understand the relationship between snmp and mibs.
I suppose that I must enable and configure snmp on each router.

I need some tutorials on SNMP which should be more developed in the explanations than the one's i read.

SNMP is the protocol (ie Simple Network Management Protocol).
The MIB is the database used to define and store the specific metrics desired. MIBs are generally published for specific needs on particular devices, then SNMP applications can query the device for that information. As you've noticed, if you don't install the kind of MIB you want on that particular device, then that device, you won't be able to use SNMP to query that device.

As I described, it's not really the best approach for the question you asked, but SNMP is more often used manage (display readings, make changes to) network devices.

TSU

**deano_ferrari** · 01-Feb-2019, 13:20

Originally Posted by jcdole

SNMP is anything but easy.
I have read some tutorials but I don't see by what to begin.
I have installed munin but I don't know if it is usefull.
I don't understand the relationship between snmp and mibs.
I suppose that I must enable and configure snmp on each router.

I need some tutorials on SNMP which should be more developed in the explanations than the one's i read.

I've already mentioned the router inspection approach. You haven't' really illuminated what access you have to these networks, hence we're left to speculate. The suggestion to use nmap won't help with respect to MAC addresses of hosts connected to other networks. My last suggestion about using a monitoring device within each network that you can connect to is probably the most pragmatic way to get collated IP/MAC information.

**deano_ferrari** · 01-Feb-2019, 13:27

Originally Posted by tsu2

SNMP is the protocol (ie Simple Network Management Protocol).
The MIB is the database used to define and store the specific metrics desired. MIBs are generally published for specific needs on particular devices, then SNMP applications can query the device for that information. As you've noticed, if you don't install the kind of MIB you want on that particular device, then that device, you won't be able to use SNMP to query that device.

As I described, it's not really the best approach for the question you asked, but SNMP is more often used manage (display readings, make changes to) network devices.

TSU

While it wouldn't be my first approach either, I have seen such methods employed to derive such information via the use of snmpwalk interrogation switches and routers connected to remote networks.

**eng-int** · 01-Feb-2019, 15:00

I just do not understand the “network diagram”.

Is there an internet terminating device (as might be used to terminate an optical dircuit) with multiple isolated Ethernet ports, connected to the WAN ports of each of the three routers?

Or is there a single (e.g. DSL) feed to the modem port of router-0, with router-0 having multiple Ethernet ports configured as a LAN switch, and two of these LAN ports connected to the WAN ports of router-A and router-B? This means that router-0 must be configured with three local network addresses (e.g. eth0:2 192.168.2.1/24, eth0:3 192.168.3.1/24 and eth0:4 192.168.4.1/24) if it is to act as an Internet gateway for the three LANs.

In the latter case the putative Linux host can be furnished with an IP similar to 192.168.4.x/21. This would enable it to reach (e.g. ping) all devices on all three LANs. Then something like

Code:

# arp-scan 192.168.0.0/21

would discover all connected interfaces on the three LANs (subnets). (If you had used 192.168.1/24, 192.168.2/24 and 192.168.3/24 you would only have to scan 192.168.0.0/22)

**tsu2** · 02-Feb-2019, 09:03

Originally Posted by deano_ferrari

I've already mentioned the router inspection approach. You haven't' really illuminated what access you have to these networks, hence we're left to speculate. The suggestion to use nmap won't help with respect to MAC addresses of hosts connected to other networks. My last suggestion about using a monitoring device within each network that you can connect to is probably the most pragmatic way to get collated IP/MAC information.

You can query the target for MAC addresses which is different than detecting the address as reported by the network connection which is what you're suggesting here and is the basis of the post by @eng-int.

TSU