Retrieve unknown IP if Mac is known

[peterfarge]

Often I have a unknown router to fix. I connect the router via a cable to an external switch to my Debian machine. I use netdiscover to obtain the current IP address, but it works only after several router turn off and ons. Can I use arping for this task? I know the MAC address of the router (plate on the backside) and because of its the same Ethernet segment it should be possible? But I always get timeout as answer:

arping -c 4 -b -i eth0 00:11:22:33:44:55
arping -c 4 -B -i eth0 00:11:22:33:44:55
arping -c 4 -0 -i eth0 00:11:22:33:44:55
root@Debian:~# arping -c 4 -i eth0 00:11:22:33:44:55
arping: clock_getres() = 0 1
arping: libnet_init(eth0)
arping: libnet_init(eth0)
arping: Successfully chrooted to /var/run/sshd
arping: Successfully dropped uid/gid to 65534/65534.
arping: pcap_get_selectable_fd(): 4
This box:   Interface: eth0  IP: 192.168.1.2   MAC address: 00:11:22:33:44:55
ARPING 00:11:22:33:44:55
arping: sending packet at time 13129.152552669
Timeout
arping: sending packet at time 13130.153587683
Timeout
arping: sending packet at time 13131.154612564
Timeout
arping: sending packet at time 13132.155633321
Timeout

--- 00:11:22:33:44:55 statistics ---
4 packets transmitted, 0 packets received, 100% unanswered (0 extra)

In your FAQ, you say that /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts has to be 0 to get answers. I looked at several routers and they all are set to 1. I put a 0 into it on one of my routers and restarted /etc/init.d/network restart and tried arping, but its still timeout.

So I cannot use arping for my problem?

[ThomasHabets]

You don't need to do any network restart. Just setting it to 0 takes effect immediately. (cat the file to confirm).

It works for me. You're saying you successfully set that value 0 zero on the target that you're pinging?

You could also try this script

[peterfarge]

I tested it again with a second debian machine and now the arping on a mac address worked :) The first test failed, because it was a OpenWRT linux (no arping on a mac answers even though icmp_echo_ignore_broadcasts=0). If you go to the firewall menu and turn off the 'Drop invalid packets' checkbox, then I get also arping on Mac from OpenWrt. Additional there is a TP-Link router where I can telnet on, I can see that icmp_echo_ignore_broadcasts=1 but he answers arping mac requests anyway. Strange...

Your script is arping on a mac with a additional IP address parameter in a loop. It worked, regardless how icmp_echo_ignore_broadcasts is set. The problem is that there are only two routes in a normal host: One route about the localnet and a default route for all other packets. If the arping goes into another net, the packets go to the default router and he doesnt know what to do and will drop the packets. You have to add and remove a localnet-route for every subnet you are arpinging. And you have to assign a ip into this subnet for the localhost and have to test if the ip isnt already taken. And also there are some more private net ip ranges possible. I think I dont want to see such a script. Then I stick to the electricity on/off method. Thanks anyway :)

[ThomasHabets]

Yeah it's not the prettiest of scripts. I have an old feature request to make it part of the binary, which would make it cleaner, but there appears to be little need for it (including that I've never really needed it), so I don't want to add and support a feature that nobody really needs.