tags:

views:

136

answers:

3
+2  Q: 

How to get the IP address of a remote host from its Ethernet address ?

I'm looking for some Linux code to find an IP address from an Ethernet address. I suppose I have to do some inverse ARP trickery but I don't find any example...

+2  A: 

http://compnetworking.about.com/od/networkprotocolsip/f/convertipmacadd.htm

Try sending an IP broadcast (e.g. ping 192.168.1.255 if your subnet is 192.168.1.0/24) to prime your ARP cache, followed by arp -a to spit it all out.

vladr  2010-03-20 23:09:20
+2  A: 

For computers that you have communicated with, you can look at their arp entry. This is available in text format in /proc/net/arp for example. Finding an IP address for a MAC that you know but haven't communicated with is significantly more difficult. The closest match, protocol-wise, would be RARP but that's hardly ever in use so your are not likely to get a response.

You can always scan your local subnet to make sure you get a full view in your arp table. See for example fping for an efficient way to do this. Note that hosts don't actually need to respond to the pings in question to appear in the ARP table, so this is useful even in the presence of local firewalls etc.

calmh  2010-03-20 23:15:55
@calmh ok so there is no other way. Is it better to send ICMP packets with ping or fping or to use something like arping ?
Fred  2010-03-21 06:10:01
Arping would be more efficient, since it avoids the ICMP step that is unnecessary for your purposes. But overall, fping might be faster since it parallellizes more and is actually made for scanning a subnet quickly.The best would probably be to quickly send arp questions yourself, like arping does. Make one thread send requests as quickly as possible (or with a reasonable rate limit) and another thread listen for incoming responses. That way you could probably get a complete picture of a /24 subnet in a few seconds.
calmh  2010-03-21 10:16:20
A: 

If the entry is already in the arp table, you may use code similar to the one posted in this question: http://stackoverflow.com/questions/2867038/using-netlink-to-obtain-arp-entries-only-returns-stale-entries

Ben  2010-05-19 18:16:10

related questions

Delphi, How to get all local IPs?
Getting the client IP address: REMOTE_ADDR, HTTP_X_FORWARDED_FOR, what else could be useful?
How to convert an IPv4 address into a integer in C#?
Working with IPv6 Addresses in PHP
How to determine whether an IP is from the same LAN programatically in .NET C#
How do I detect whether a given IP is in a given subnet in Javascript?
Linux: retrieve per-interface sent/received packet counters (ethernet, ipv4, ipv6)
How do I make an outgoing socket to a SPECIFIC network interface?
How to find a locally available UDP port with unix Sockets API
How does geographic lookup by IP work?
Best tutorial for application multicasting?
SAAS per seat authentication
How do I find the DHCP assigned IP address via bash on Fedora?
Get my WAN IP address
Writing a reliable, totally-ordered multicast system in Python
192.168.0.71... What is this special address used for?
Sending an HTTP request to a different IP than what the hostname resolves to?
Checking IP Port State Remotely
How to route in linux
What is the difference between 0.0.0.0 and 255.255.255.255 in IPv4?
How can I specify the local address on a java.net.URLConnection?
Reverse DNS lookup in perl
Change IP address via shellscript on Slackware
How can I determine the IP of my router/gateway in Java?
IP to Country?