Re: scan for machines in the subnet
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Wed, 07 Mar 2007 14:00:56 -0600
On Wed, 07 Mar 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <45ee72e6$0$24598$8404b019@xxxxxxxxxxxxxxx>, David Brown wrote:
> Moe Trin wrote:
>> David Brown wrote:

>>> I would have thought that a switch would not modify the MAC - after all,
>>> it would mess up things like statically assigned IP addresses issued by
>>> a DHCP server.

>> True - but if you're going to statically assign IP addresses, why not do
>> so directly? It usually takes less time to do so.

> There are a few reasons. In the past, I've directly assigned IP
> addresses for servers and the like - as you say, it's the easiest method
> (no need to copy MAC addresses between leases files and config files).

We're an R&D facility, and are a bit paranoid, but also the way network
services are funded is a tax on each specific host connected. Thus, we
have procedures in place that keep track of inventory data, and that
includes MAC/IP address as well as where a computer is located (not only
room number, but which port on which switch). None the less, the paperwork
takes less than a minute, and actual configuration is a similar time. This
is done when the O/S is installed, or on the rare occasions when a computer
is moved. The paranoia means that in the event of an IP/MAC mismatch or
other strangeness, there will be a security guard and a member of the NOC
staff at the door within two minutes maximum - neither one smiling.

> However, sometimes things change on a network - DNS servers, networks,
> etc. They don't change often, fortunately - but I'm reconfiguring
> things at the moment (well, I'm planning it - when I've got my new
> firewall and router set up, I'll do the reconfiguring), and that means
> each manually configured server, workstation and printer must be
> changed.

The hostnames and IPs of the DNS, NIS, servers and printers are pretty
much cast in stone. The DNS servers and routers haven't changed IPs
since they were set up in the mid-80s. The hardware has changed, but
not the names or IP addresses.

> Printers in particular can be conveniently given an address by the DHCP
> server, and that address can be locked in the DHCP server's
> configuration, so that addresses are consistent thereafter.

Our printers change names when a new model is received (which generally
means a different printcap entry). But the names are in a recognizable
scheme (general printers are named after newspapers - I'm printing on
'ny-times' - while the spiffy top-of-the-line color jobs are named after
magazines - 'vogue' is the one I normally use now), and our users don't
concern themselves with that very often. They know the name of the
nearest printers (sign on the door, as well as on each printer), so it's
a no-brainer. Even name changes are easy, because the "word on the street"
gets to everyone (big sign on the printer room door "boston-globe is being
replaced with bangkok-post on Thursday") and when the change is made, the
old hostname no longer resolves. Even the most dense user figures it out
eventually.

> I guess my main concern about a switch messing with MAC addresses is to
> be sure that each PC (or other device) on the network has the same MAC
> address every time. It doesn't really matter if the apparent MAC
> address for a PC is its true MAC address, or some switch-modified
> version, as long as it is always the same and always unique.

Look at the term 'Proxy-ARP'. If the switch is doing that, then all hosts
connected through the switch seem to have the same MAC address - that of
the switch itself. IP addresses are then used by the switch to do the
actual routing from port to port.

Old guy
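
The inventory check and the Proxy-ARP symptom discussed in the message above, as an added example that is not part of the original post or anyone's production tooling: it compares neighbour-table entries against a MAC/IP inventory and separately flags several IPs answering with one MAC. The inventory layout, addresses, and the `parse_neigh` and `audit` helpers are assumptions made for illustration; the sample text imitates `ip neigh show` output.

```python
import re
from collections import defaultdict

# Constructed inventory (all values made up): IP -> (MAC, room, switch port).
INVENTORY = {
    "192.0.2.10": ("00:16:3e:00:00:10", "R101", "sw1/3"),
    "192.0.2.11": ("00:16:3e:00:00:11", "R101", "sw1/4"),
    "192.0.2.12": ("00:16:3e:00:00:12", "R204", "sw2/7"),
    "192.0.2.13": ("00:16:3e:00:00:13", "R204", "sw2/8"),
}

# Constructed sample in the format of `ip neigh show`; not from a real network.
NEIGH = """\
192.0.2.10 dev eth0 lladdr 00:16:3e:00:00:10 REACHABLE
192.0.2.11 dev eth0 lladdr 00:16:3e:00:00:aa STALE
192.0.2.12 dev eth0 lladdr 00:16:3e:00:00:ff REACHABLE
192.0.2.13 dev eth0 lladdr 00:16:3e:00:00:ff REACHABLE
192.0.2.50 dev eth0 lladdr 00:16:3e:00:00:50 DELAY
192.0.2.60 dev eth0 FAILED
"""

# Entries without "lladdr" (FAILED/INCOMPLETE) never resolved and are skipped.
LINE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    seen = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            seen[m.group(1)] = m.group(2).lower()
    return seen

def audit(seen, inventory):
    """Return (findings, shared): per-IP findings and MACs used by >1 IP."""
    by_mac = defaultdict(list)
    for ip, mac in seen.items():
        by_mac[mac].append(ip)
    # One MAC answering for several IPs is what Proxy-ARP looks like on the wire.
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    findings = []
    for ip, mac in sorted(seen.items()):
        if ip not in inventory:
            findings.append(("unknown-host", ip, mac))
        elif mac in shared:
            findings.append(("shared-mac", ip, mac))
        elif mac != inventory[ip][0]:
            findings.append(("mac-mismatch", ip, mac))
    return findings, shared
```

Calling `audit(parse_neigh(NEIGH), INVENTORY)` reports `shared-mac` ahead of `mac-mismatch` so that a Proxy-ARP device in the path shows up as one cause rather than as a mismatch on every host behind it.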