Broadcast message not recived by my network device - broadcast

I want to list all the valid ip present in my local network. For that i tried pining my broadcast address then i queried ARP table. While doing some network devices ip addresses are not getting listed in ARP table. If I do ping that particular ip address then if i query ARP table those are getting listed. Why such behaviour ?

While doing some network devices ip addresses are not getting listed
in ARP table. If I do ping that particular ip address then if i query
ARP table those are getting listed. Why such behaviour ?
Hosts can be, and quite often are, configured to ignore broadcast pings. This is the default at least for some (I'd like to say "most") Linux distributions and Windows versions. RFC 1122 (section 3.2.2.6) explicitly allows this.
I want to list all the valid ip present in my local network.
For that, you may either try to (unicast) ping each host on your subnet, or run a host discovery with nmap.

The ARP-table is just a cache for your machine to skip the ARP lookup everytime you try to access Another machine. So, if you haven't communicated witih a specific IP-address Before there will be no record in the ARP-table about that specific IP-address and corresponding MAC.
If you run for example WireShark you'll see that your machine (should you communicate with a machine for the first time) will send out a broadcast message stating, more or less "Who has 192.168.0.4 (just an example) - Reply to 192.168.0.19). When that reply comes back it will then store the MAC and corresponding IP in the ARP table.
For more information regarding this, have a look here:
http://www.tummy.com/articles/networking-basics-how-arp-works/

Related

Is a network device hostname determined by the device itself or a network admin?

I have a local network with several PCs and specialized controllers on it. These specialized controllers must be configured with static IP addresses and do not have DHCP capabilities.
I was asked to put together a list of the device hostnames and IP addresses. It's easy to figure out the IP address of each device, however, I'm struggling to find out the host name for these specialized controllers. If it were a Windows PC, I would simply navigate some menus to find the host name.
I'm confused about how the host name is configured for network devices in general. For Windows PCs, it seems like the PC itself determines its own host name. When it joins a network, it simply broadcasts its host name to a DNS server and the DNS server remembers it. For devices that are not DHCP, it seems like I would need to manually go to a DNS server and enter the host name for the specific IP address.
So what exaclty determines the host name? The device itself or a network admin?
This more of networking question and belongs to ServerFault - you will get your answer faster there.
If it were a Windows PC, I would simply navigate some menus to find
the host name.
What kind of system is there if there is no Windows? Linux, *BSD, AIX, other? I'll answer for Linux for now.
So what exactly determines the host name? The device itself or a
network admin?
This depends on your configuration in Linux check - /etc/nsswitch.conf
e.g.
hosts: files dns
Which defines that the hostname will be defined by /etc/hosts and if it is not found there it will check DNS next.
If hosts file, the local resolution, contains the pair ip <-> name it is used. If the DNS takes precedence and it contains the pair it is taken from there. As shown above, it can contain both at once in defined order, then the resolution is done in that order.
By the way, DHCP server can give you static IP addresses based on your MAC address so your controllers will have always the same IP address, if same network card is used. It is way easier to manage than configure all servers manually.

Capture Packet Dump from a Specific Domain

I am working on a Deep Packet Inspection project of my own. In order to test this, I need https/ssl packet dump from a specific site.
As an example I want to capture all the packets transmitted during a Facebook session.
I tried wire-shark but I do not know how to capture packets, only related to Facebook since they can be originated from different domains, not only from www.facebook.com
Can anyone suggest me a way to do this?
Thank you.
Not sure wireshark can do it now. Correct me if I am wrong, currently it supports capture filter like "host www.facebook.com" by doing a DNS query to get a list of IP addresses for this hostname. Then it generates binary code to filter out packets to/from those resolved IPs.
If you know the list of hostnames in this domain (x1.facebook.com x2.facebook.com ...), you can create a filter like "host x1.facebook.com or host x2.facebook.com ..."
If you don't know the list of hostnames, then you have to write a specific capture software, which monitors all the DNS queries sent from the host, if it's for xxx.facebook.com, then keep track of the resolved IP addresses, save any packets sent to/from these IPs. For this to work, you have to clear DNS cache.
Hope it helps.

LAN multicast enabled or not?

I am trying to write code on OSX in c (can use objective-c too if easier) to determine if multicast is enabled on the current machine (router the machine is connected to). To do this I am trying the following steps:
Open a port and send data over multicast.
Listen for responses on all active adapters.
Filter out the 'loopback' adapter.
If no replies, multicast is likely disabled.
Being new to network programming, I don't understand how I would get a response from any active adapters by sending out random data, unless I had software installed on the machines that were listening. Is there a certain multicast IP reserved that will always elicit a response, or is there a better way to go about doing this?
To determine if a machine has IP multicast addresses active (which is what I think you mean by "multicast is enabled"), look at the routing table and see if you find one or more IP v4 addresses in the range 224.0.0.0 to 239.255.255.255.
Multicast is implemented by DHCP, which is not your local computer. DHCP allocates addresses whihc correspond to multiple clients that are connected to that DHCP server. When you craft a multicast message, you send it to this DHCP server, which then takes the packet, finds the clients who are mapped to that multicast address, and then send it in a special packet that routers automatically duplicate (so if you have 2 people part of the group connected to 1 router, and that router is connected to another router (called router 2), router 2 won't send two packets, it will send one, and then router 1 will send two copies to its clients. The purpose of this is to speed up delievery time and not send duplicate data). As far as the clients, the clients aren't "set up" to allow multicast, but rather the router sets them up, and the rest is transparent to the client. The way you would have to find out if a client is connected to a multicast group, is to see if the DHCP server has created a multicast group, and then find the computer names from the IP addresses that are mapped to the multicast group.
By listening to all active adapters, you're not going to get anything but packets, which aren't going to tell you if its part of a multicast network, since they're going to look like every other packet (since the router will change the multicast address to YOUR ip address before you even see the packet). That's the beauty of multicast.

IP Address using VB.Net Code

What kind of IP address does whatismyip.com provide?
How can I get it using VB.Net code?
Also what is IP port?
Thanks
Furqan
PART 1
Okay, let's pretend you have a router in your house and that you have several computers in your house all connected to the internet through your router.
In order for the router to know where traffic goes on your network, it assigns unique IP Addresses to all computers on your home network (Usually beginning with 192.168.x.x). These IP addresses are local ip addresses, meaning only your router and computers/devices connected to it in your house knows about them. If you open a command prompt and do command IPConfig you will see the IP address that your router has assigned your computer.
So what is the IP address that WhatIsMyIP.com showing you? In much the same way that your router assigns addresses to all the computers on your network, your internet service provider hands out unique IP addresses to all of their customers. Now, because you have a router, the only thing the ISP can see on your network is that router and your ISP assigns an IP address to it. This is why routers are also called hardware firewalls, because people on the other side of it, can't tell how many computers or devices are connected to it.
What this means is, when you are visiting websites on the internet, the only IP address they see is your routers external IP address (the one assigned by your ISP). So no matter which computer in your house you use, the website wouldn't know the difference because all it can see is your router's IP address. Go ahead and try it; go to www.WhatIsMyIP.com on several different computers in your house. You will see that they all show the same IP address. However, if you did IPConfig in your command prompt on each computer, that shows you the local address your router assigned and it would be different on every computer in your home.
So, now that you understand the difference between local and external IP addresses, how would you retrieve your external IP address in VB or C# .net code that is running on your PC? Well the only IP address your computer is actually aware of is that local IP that we talked about. The only way you can see your external IP address is to go to a website that tells you what address the request came from (which would be your router's IP address).
What you would need to do is write up some code in your VB.net program that would navigate out to WhatIsMyIP.com (or some other website that can give you your IP address) and tell the code to grab it. I have written a web service located at http://www.u413.com/test/terminal/myip that returns only your IP address as the entire HTTP response. Find something similar though for your application because this little sample will not stay there forever; I only put it up there as a temporary example on a domain I already own.
Visit http://www.vbdotnetheaven.com/UploadFile/kbawala/WebRequestClass04182005054320AM/WebRequestClass.aspx to see how to make web requests from code running on your computer.
NOTE: You may not be aware of what DNS is either if you are unaware of how IP addresses work. Everything on the net has an IP address, including the servers that serve up website pages. But what a pain that would be, trying to remember up to 12 digit IP addresses for all your favorite websites. That is what DNS servers were invented for. DNS servers take a domain name (e.g. www.facebook.com) and translates it into the correct IP address. That way all you need to remember is facbook.com instead of 69.63.181.12 (this is facebook's IP address. Go ahead, try it! Put that IP in your browser's address bar and you will see facebook.), domain names are much easier to remember!
If you want to see the IP address associated with a website, open up a command prompt. Once the prompt is open type PING [websitedomain] (e.g. PING Facebook.com) and your computer will send 4 test requests to the address which is displayed for you.
PART 2
Let's pretend your IP address is like the address of an apartment buliding. The pizza delivery boy needs to know the address to the apartment building in order to deliver your pizza. But what is he going to do when he gets there? There are hundreds of doors/apartments to choose from. He needs to know the apartment number (port number on your computer).
Your computer has thousands of ports, and programs can listen on any one of them for requests from the outside world. When you go to a website almost all websites are served on port 80. Port 80 is the default port for web pages. When you go to facebook.com you are actually going to facebook.com:80, you just don't see the :80 because it is implied since it is the default. If I put up a web server, I could decide any port to serve websites on. If I served web pages on a different port than port 80, then you would have to include it in your URL. http://www.SomeDudesCustomWebServer.com:1337.
Outgoing requests use a port too, but that one is usually unimportant and your computer just picks one that is available. So when you go to Facebook.com, the facebook web servers are all serving up pages over port 80, but the port your computer opened up to send the request does not have to be port 80 because it picks an available port and then sends the port with the request. Then when facebook sends its response, it sends the reply back to the ip address and port that made the request.
Outgoing ports are only used for the duration of the request. Ports that must listen for connections must stay the same otherwise the computers making requests would have no idea what port to send the request to.
Easy huh!
Hope that helps you understand a bit better.
EDIT:
Port Forwarding
Okay, in light of the chat application you want to use/create, if you want it to communicate over the net you'll have to learn about port forwarding. Basically, because all you could see of your friend's network would be his external ip address, you will have to use that address to connect to his chat server (or vice versa if he is connecting to your chat server then it will be your external IP). Because of this, the connection request would only get as far as the router that has the external IP, but it would not know what computer on the network to forward the request to.
You will need to access your router's firmware and set up port forwarding so that the router knows to forward requests on a specific port, to a specific computer on the network. Visit http://portforward.com/ for more detail on how to setup port forwarding.
EDIT 2:
Firewall
When setting up stuff to communicate with your computer using your PC, you may start getting frustrated that it just won't connect. What is likely stopping you is your firewall. By default, most ports on your PC are completely blocked by the windows firewall. For each port that you want to communicate on you will want to go into the firewall and create a rule that will open up the port. Go here http://www.top-windows-tutorials.com/windows-7-firewall.html for a video on how to use the windows firewall. I did not watch it, but it is what came up first on a google search.
Do not simply disable the firewall. Even though this is an easy and quick solution to open up all your ports, you are leaving yourself open to attack. Viruses love to set themselves up in your computer if they can and listen on an open port for a connection from their beloved creator so he can obtain access to your PC. Only open the ports you need.
UDP vs TCP
When opening and forwarding ports you may notice that it asks for UDP (User Datagram Protocol) or TCP (Transmission Control Protocol). What they stand for may not make sense but all you need to know is this: UDP is for single packet transmissions which means that two packets sent by a pc may or may not be related to each other. These types of data packets are usually used for broadcasts on a local network. An example I would use is LAN games. When you host a game on a LAN the other computers/devices can see the name of the game and join it. That is because the computer hosting the game is transmitting a UDP broadcast across the entire LAN so that any devices can see the game. Those UDP transmissions usually contain the name of the game and the connection info required to connect to the game.
TCP is for continuous packet transmission. TCP requires an established connection, any packets transmitted on this connection are always related to that one connection/request. To continue my example from the last paragraph, once you click connect on the LAN game, your computer then establishes a TCP connection with the host and uses that connection for the duration of the game or games. TCP is the most commonly used connection type and your chat program would likely communicate over TCP, especially if you are connecting across the net because UDP broadcasts are useless across the internet. UDP is only really useful on a LAN.
You should be safe forwarding and unblocking only the TCP ports, but sometimes when I'm unsure I just do both UDP and TCP just to be safe. In fact, many routers and firewalls have 3 options: TCP, UDP, or Both which saves you from having to create two rules for both types of the port.
When in doubt, open/forward both.
What's my ip provides your IP v4 public address.
It's really easy to retrieve it, this topic explain how to proceed : How to get the IP address of the server on which my C# application is running on?
The code is only a few lines long, so the language (c# in this example) does'nt matter.
They provide your external internet facing IP.
This IP will depend on how you connect to the internet. If you connect straight from your computer to your ISP without any kind of router or firewall in between, it might be the same as your internal IP, but in most circumstances this will not be the case.
If you're at home and you've connected via a router of some kind, then you might be able to query it for the IP, but there is no standard way of doing this.
There is no standard way of getting hold of your external IP from the client it self. If you've got access to a server on the internet where you could deploy some code you could connect to that server from your client PC and ask it what IP you're connecting from.
IP Port Numbers
I also needed external IP using command line, but because I didn't find it I wrote small application using vb.net. You can use reflection for source code or ask on app home page for it. Basically application opens web page that provide your IP and parse it using regular expression, but because is designed with this purpose uses many "tricks" for this (can use more web pages at once, uses fastes page, etc). Check source for details.

Broadcasting hostname and IP address

In order to notify all computers within the same LAN about my existence, I want to broadcast my hostname and IP address.
How do I go about doing so without sending them as a string?
Avik, this is what DNS is meant to be used for. While "regular" DNS is meant to hold names and IP addresses for each machine (statically configured), there is a dynamic DNS protocol which allows machines to update their DNS entries in real time.
This sort of capability is used in some of the office environments for my clients where printers on a machine are shared but the machines they're attached to use DHCP (meaning their IP address can change).
See here and here for details and the Windows implementation with DHCP.
Lets call your machine that wants to advertise itself the SERVER and all the machines that can use it, the CLIENTS.
Of course, dynamic DNS only notifies DNS itself of the name/IP mapping and is useful if the CLIENTS are already aware of your SERVER so they can get the IP address from DNS. If you have no way for CLIENTS to discover that your SERVER has just been added, you'll still need to broadcast a packet occasionally indicating that your SERVER exists (this will only need the SERVER name since CLIENTS will use DNS to get the IP address).
This broadcast packet should be picked up by all CLIENTS and kept in a local table. If the communications from a CLIENT to your SERVER fails, the local table entry for your SERVER should be removed (it'll be re-added when your SERVER broadcasts again).
Basically re-inventing NetBIOS or ZeroConf, as popular with small embedded devices for discovery by a Windows or OS X based installer or setup utility.
You can try to use UPnP Discovery.