4

I am trying to find out mac address of a machine in a switched environment after sending it a raw packet. I am trying to implement traceroute command . I want to know when i receive a ICMP time exceeded message how can I extract the mac address of that machine . I am a new to network programming so am confused what socket call will help me to extract the mac address.

Thanks .

alk
  • 69,737
  • 10
  • 105
  • 255
j10
  • 2,009
  • 3
  • 27
  • 44
  • also please suggest me some good book for understanding sockets thoroughly . – j10 Oct 19 '11 at 11:11
  • 2
    W. Richard Stevens' UNIX Network Programming http://www.amazon.com/Unix-Network-Programming-Sockets-Networking/dp/0131411551 - I only have the 1st edition, which I could strongly recommend ... - anyway I assume the 3rd isn't less enlightening. – alk Oct 19 '11 at 12:13
  • Try this: http://stackoverflow.com/questions/4012921/how-to-determinate-destination-mac-address – Piotr Praszmo Oct 19 '11 at 12:45

3 Answers3

4

No, you can not extract MAC address from ICMP reply.

You can only determine MAC addresses of linked machines next to you. In ICMP(tracert) you can just find out the IP address of target or middle machine.

If you want to detect MAC addresses, you should use ARP protcols where it's applicable in local networks not Internet.

ICMP protocol starts after IPv4 header[1] and MAC addresses is related to physical/link layer. In low level layers the MAC addresses will transparent from top level layers such as network(IP) or Transmission,...

To determining MAC addresses, you should use Raw sockets or PCAP SDKs to access lower layers of network programming. (I say again, these are not useful over Internet)

masoud
  • 55,379
  • 16
  • 141
  • 208
  • Then in order to implement traceroute mac command which traces route at layer 2 how should I proceed ? – j10 Oct 20 '11 at 14:25
  • You can use ARP which is ["An Ethernet Address Resolution Protocol"](http://tools.ietf.org/html/rfc826). There is no standard method to retrieve MACs over Internet. – masoud Oct 20 '11 at 18:41
0

In general, on internet, you don't even know the media a host is using for transmitting packets. Let's suppose a remote host is conected over a serial rs-232-C link with PPP protocol. It doesn't have a mac address. This also happens for example if the host uses a token ring interface or frame relay link. This makes determining the remote mac addresses of hosts a local issue completely. Normally, when you get a packet from a remote site over ethernet, the source mac addres you get in the packet is the one of the last router that links you to the internet, not the one of the original host that sent the IP packet. In the RFC on IP over avian carriers (rfc1149, rfc2549 and rfc6214) the media used for transmission doesn't allow to use mac addresses (the link address, if somewhat feasible on a pidgeon could be, would be its name)

If you want to read about traceroute on ethernet network of switches, perhaps you had to have a look at the IEEE802.1ag, that has an specification to do tracerouting over switches (tracelink service) but I think is far over the scope of this answer.

Luis Colorado
  • 10,974
  • 1
  • 16
  • 31
0

Like Masoud M said, you can only get the MAC address of machines that are on your local network. That said, you can parse the output the arp command to find the MAC address given the IP address of a machine one your local network.

Sam Skuce
  • 1,666
  • 14
  • 20
  • Then in order to implement traceroute mac command which traces route at layer 2 how should I proceed ? – j10 Oct 20 '11 at 14:26
  • @JitenShah, are you talking about the Cisco Layer 2 traceroute described at http://routemyworld.com/2009/05/01/layer-2-traceroute/? If so, that requires the use of Cisco's proprietary Cisco Discovery Protocol. You may be able to do something similar with the open Link Layer Discovery Protocol, but the equipment along the route needs to implement that protocol, and you will have to read the documentation to see how to discover how the devices are interconnected. Also note that both CDP and LLDP are still limited to the local network, and you can't get MAC addresses outside the LAN. – Sam Skuce Oct 20 '11 at 16:55
  • Thank you . yeah was talking about CDP. In that case i wish to implement then how should i proceed algorithm wise ? I am not able to visualise how this works for layer 2 . when you say : traceroue mac1 mac2 then how does this work ? IS that I need to use RARP (Reverse ) and find out IP of two devices used in nthe command and then do a trace route @ layer 3 which will fetch IP and then use ARP to get the MAC address of intermediate devices. How can CDP help me ? – j10 Oct 23 '11 at 12:17