Re: Translate MAC address to IP address
From: Nick Barnes (Nick.Barnes_at_pobox.com)
Date: 08/13/03
- Previous message: Mikhail E. Zakharov: "1 server, 1 net, 2 cards"
- Maybe in reply to: Nick Barnes: "Translate MAC address to IP address"
- Next in thread: Lars Eggert: "Re: Translate MAC address to IP address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: Robert Watson <rwatson@freebsd.org> Date: Wed, 13 Aug 2003 15:28:05 +0100
At 2003-08-13 13:58:51+0000, Robert Watson writes:
>
> On Wed, 13 Aug 2003, Nick Barnes wrote:
>
> > I have written a small utility for traffic volume monitoring on an
> > Ethernet segment. It uses libpcap to capture the ethernet header of
> > every packet and counts traffic volume by source and destination MAC. A
> > bit like a lobotomized tcpdump (and indeed that is what I started with).
>
> The easiest way would actually be to expand your tool to also look at the
> IP header and track usage at the IP level in the first place.
But the IP addresses in the packets are not interesting to me. I want
to track usage according to router on the local subnet, not according
to IP address of the ultimate (possibly distant) sources and
destinations. That's why I'm looking at the MAC addresses in the
first place.
I have a routing subnet, with a bunch of gateway machines on it. For
the purposes of this application, I neither know nor care about the IP
addresses of the machines behind those gateways. Packets coming
through will have IP addresses of those distant machines but the MAC
addresses of the gateways themselves. Other than that, the
application is broadly similar to your bpfmon. Thanks for those
sources.
I'm leaning towards a routine which will send a simple packet (maybe a
ping) to all IP addresses on the local subnet, then waits for a short
while (long enough for all the ARP exchanges), and then harvest the
results from the local ARP table. This seems easy enough to create
(given the sources to ping and arp, of course). It won't work for
machines which are off the network when I trigger the ARP; I guess I
could do it at the beginning and then do it again if I see a MAC
address which I didn't harvest.
Nick B
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Mikhail E. Zakharov: "1 server, 1 net, 2 cards"
- Maybe in reply to: Nick Barnes: "Translate MAC address to IP address"
- Next in thread: Lars Eggert: "Re: Translate MAC address to IP address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
