Re: scan for machines in the subnet



Moe Trin wrote:
On Mon, 05 Mar 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <45ebf363$0$24618$8404b019@xxxxxxxxxxxxxxx>, David Brown wrote:

Chris Cox wrote:

Moe Trin wrote:

The only hosts that won't be found are those that have disabled ARP on
their network setup, OR are using off-network IP addresses that you did
not try to talk to. ARP is lower in the stack than firewall code, and
even if a host is dropping all TCP, UDP, or ICMP (etc.) packets, it will
still respond to an ARP packet addressed to its IP address.

A switch on a meshed network can reply to ARP with its own MAC.

I've just run Patrick's nmap scan on our office network, and I don't see
any indication that our switches are modifying the MACs, based on nmap's
partial identification of the companies owning the MAC addresses found.

Note he wrote "can", and not "will". Generally speaking, those switches
that do substitute the MAC will have intelligence and will provide access
(possibly through SNMP - possibly via other protocols) to their internal
table of "who is on which port".

I would have thought that a switch would not modify the MAC - after all,
it would mess up things like statically assigned IP addresses issued by
a DHCP server.

True - but if you're going to statically assign IP addresses, why not do
so directly? It usually takes less time to do so.


There are a few reasons. In the past, I've directly assigned IP addresses for servers and the like - as you say, it's the easiest method (no need to copy MAC addresses between leases files and config files). However, sometimes things change on a network - DNS servers, networks, etc. They don't change often, fortunately - but I'm reconfiguring things at the moment (well, I'm planning it - when I've got my new firewall and router set up, I'll do the reconfiguring), and that means each manually configured server, workstation and printer must be changed. Printers in particular can be conveniently given an address by the DHCP server, and that address can be locked in the DHCP server's configuration, so that addresses are consistent thereafter.

I guess my main concern about a switch messing with MAC addresses is to be sure that each PC (or other device) on the network has the same MAC address every time. It doesn't really matter if the apparent MAC address for a PC is its true MAC address, or some switch-modified version, as long as it is always the same and always unique.

mvh.,

David

Old guy
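Added example (not part of the original posts): a small Python check for the two properties the thread turns on, that each address on the subnet shows a MAC that is unique and that stays the same between scans. It assumes neighbour-table snapshots in the style of `ip neigh show` output; the snapshots, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches lines in the style of `ip neigh show` output, e.g.
#   192.168.1.10 dev eth0 lladdr 00:16:3e:aa:bb:01 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.IGNORECASE)

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group("ip")] = m.group("mac").lower()
    return table

def shared_macs(table):
    """MACs seen for more than one IP, e.g. a device answering ARP on
    behalf of other hosts with its own MAC (the 'not unique' case)."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def changed_macs(before, after):
    """IPs whose MAC differs between two snapshots (the 'not always the
    same' case, which would break a MAC-keyed DHCP reservation)."""
    return {ip: (before[ip], after[ip])
            for ip in before.keys() & after.keys()
            if before[ip] != after[ip]}

# Constructed sample snapshots, taken at two different times.
SNAPSHOT_1 = """\
192.168.1.10 dev eth0 lladdr 00:16:3e:aa:bb:01 REACHABLE
192.168.1.11 dev eth0 lladdr 00:16:3e:aa:bb:02 STALE
192.168.1.12 dev eth0 lladdr 00:16:3e:aa:bb:02 STALE
192.168.1.13 dev eth0 FAILED
"""
SNAPSHOT_2 = """\
192.168.1.10 dev eth0 lladdr 00:16:3E:AA:BB:09 REACHABLE
192.168.1.11 dev eth0 lladdr 00:16:3e:aa:bb:02 REACHABLE
"""

if __name__ == "__main__":
    t1, t2 = parse_neigh(SNAPSHOT_1), parse_neigh(SNAPSHOT_2)
    print("shared:", shared_macs(t1))
    print("changed:", changed_macs(t1, t2))
```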
