5

I need to generate an Ethernet header that includes the destination MAC address, (since libnfnetlink gives only the IP header before prerouting takes place), the outgoing interface number is also known, so the lookup can be made in the correct network.

What's the library/function to resolve the MAC address from an IP address?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
kagali-san
  • 2,964
  • 7
  • 48
  • 87
  • duplicate?: http://stackoverflow.com/questions/1092463/getting-the-mac-address-of-the-remote-host – zsalzbank Dec 18 '10 at 23:18
  • @codethis, no. its about linux – osgx Dec 18 '10 at 23:26
  • as far as I know - the IP protocol works the same regardless of your OS. If you can't get the MAC from one OS, you can't get it from another. – zsalzbank Dec 18 '10 at 23:29
  • @codethis, I have IP destination and network # (multiple interfaces on the machine). I want to do ARP lookup from user program, reconstructing the ethernet header from known source mac (gah, that library needs a postrouting hook!) and destination IP. – kagali-san Dec 18 '10 at 23:56
  • A newer duplicate with answer using `nmap`: http://stackoverflow.com/q/13552881/2157640 – Palec Feb 26 '14 at 05:30

3 Answers3

8

It's unclear why you need the MAC address, since that's usually handled for you at a lower level.

However, assuming your target is on your local Ethernet segment, you can use the arp command to look up values in the local cache. If the value is not cached... Well, that's a problem. Perhaps arping would help...

(Normally you'd send a packet to, for example, IP address 10.10.10.10, and your system would send an ARP packet out querying who-has 10.10.10.10, and a response would come back from that target system with its MAC address, and then it would be cached. (You can watch this happening with tcpdump.) Or when a system comes on line it would send out a broadcast message informing everyone else of its MAC address. Naturally, if your destination is on another Ethernet segment, you're routing to a gateway rather than directly to the destination, and no destination-MAC address is available.)

You might read further at:

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Mr.Ree
  • 8,320
  • 27
  • 30
  • Arping is very useful when you need to diagnose e.g. duplicate ip addresses on the network; or even eliminate this as the cause of a connection failure. Speaking as I just had this issue today! – Barry Kelly Jul 30 '13 at 15:09
4

Obviously you can only find the MAC address for directly connected IP addresses, but there's no platform-independent way of doing it. On Linux, you can look in /proc/net/arp after sending something to the target to trigger the kernel to send the ARP.

Edit to add you could also use the SIOCGARP ioctl() though that just looks in the ARP cache, so it won't send an ARP if there isn't one already there.

Otherwise, you would have to craft your own ARP request packet. You could probably reuse a bunch of code from arping if you go that route.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
eater
  • 2,697
  • 1
  • 21
  • 24
  • arping is a good hint.. it seems to be another pcap-based mountain bike, but guess there's no other way to build resolver – kagali-san Dec 19 '10 at 00:00
1

You cannot in general get the MAC address from the IP address, and in fact as IP can run on data link protocols other than ethernet, some IP addresses have no corresponding MAC address.

The MAC address is only available and only relevant on the same ethernet segment. On that segment, it can be retrieved by an ARP request.

Don Roby
  • 40,677
  • 6
  • 91
  • 113
  • I need to send a modified packet to same ethernet segment, once the original packet was dropped. I can do modification and drop, but cannot resolve destination MAC which is needed for the low level stuff to deliver the packet. – kagali-san Dec 18 '10 at 23:58