-3

What I'm trying to do is get all the ip addresses in my network, and I thought, assuming I know the address of all subnets could use arp requests to achieve that if there was a way to forward these requests over different subnets.

For example , assume I had two hosts 192.168.0.2/24 and 192.168.1.2/24 connected via router using IP addresses 192.168.0.1/16 192.168.1.1/16. I would like to send an arp request from 192.168.0.2/16 to 192.168.1.2/16. I thought maybe if the arp request was encapsulated in layer 3 header containing 192.168.1.2/24, or 192.168.1.255/24 as the dsetination this will work.

If it is possible and you know a tool that does that I will be happy to know about this tool. If it isn't, I would like to know what happens to a packet like the one I described above

user3371266
  • 69
  • 1
  • 9
  • Actually, ARP doesn't give you an IP address; you give ARP the IP address, and ARP returns the MAC address. ARP is design to resolve a layer-3 (IP) address into a layer-2 (MAC) address on ethernet. – Ron Maupin Oct 10 '15 at 17:11

1 Answers1

0

I would like to know what happens to a packet like the one I described above

If you encapsulate some info into standard IP-packet, then, naturally, it will be routed to the IP-destination host. Yet if the remote host knew nothing about this non-standard packet, then nothing would happen.

If you really want to get something out of this, you need to have up and running some software server on that remote host, which is able to process your requests. That is, you need some Proxy ARP: either existing implementation, or made of your own.

If you don't have such "an agent" in the target subnetwork, then you're out of luck. Go with sequential IP-scanning until be banned by admin.

Matt
  • 13,674
  • 1
  • 18
  • 27
  • What usually processes these requests? Dont they usually have a layer 3 header? – user3371266 Oct 10 '15 at 16:42
  • What Proxy ARP does is to substitute the MAC address of the target with the MAC address of the proxy. This can happen for any off-net IP address, actually assigned to a host or not. It is typically used at the layer-3 boundary to fool the host into sending packets to the interface at the layer-3 boundary. It is considered a poor practice and a security problem. Proxy ARP tricks the sending host into believing all IP addresses are live at the MAC address of the proxy. – Ron Maupin Oct 10 '15 at 17:09