search

ThomasHabets / arping

ARP Ping
http://www.habets.pp.se/synscan/programs.php
GNU General Public License v2.0
398 stars 62 forks source link

Fail to ping device by MAC address #38

Closed dmak closed 4 years ago

dmak commented 4 years ago

Probably this is not an issue but rather a question.

Setup:

Three interfaces which are combined into one bridge br0:

# brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.1c3e84cf4999       no              eth0
                                                        eth1
                                                        wlan0

Linux host is directly attached to Netgear router:

# arp | grep netgear
netgear                  ether   2c:b0:5d:a6:8e:02   C                     br0

Doublecheking that the router is 1-hop away:

# traceroute netgear
traceroute to netgear (192.168.10.5), 30 hops max, 60 byte packets
 1  netgear (192.168.10.5)  0.281 ms  0.277 ms  0.356 ms

I have compiled arping from this repo at commit 75b5cdd.

The problem:

I am trying to use arping to check if the router is up and responding using its MAC address (192.168.10.10 is IP address of br0):

# /usr/local/sbin/arping -c 3 -S 192.168.10.10 -i eth0 2c:b0:5d:a6:8e:02
ARPING 2c:b0:5d:a6:8e:02
Timeout
Timeout
Timeout

--- 2c:b0:5d:a6:8e:02 statistics ---
3 packets transmitted, 0 packets received, 100% unanswered (0 extra)

Just in case I messed up the interfaces (although I am sure it is connected to eth0):

# /usr/local/sbin/arping -c 3 -S 192.168.10.10 -i eth1 2c:b0:5d:a6:8e:02
ARPING 2c:b0:5d:a6:8e:02
Timeout
Timeout
Timeout

--- 2c:b0:5d:a6:8e:02 statistics ---
3 packets transmitted, 0 packets received, 100% unanswered (0 extra)

What I do wrong?

Additional info:

I have read the following topics on the subject, most advising to scan or broadcast ping the network and then analyse arp table as a solution:

Nevertheless is MAC-ping possible in my scenario? Thanks!

ThomasHabets commented 4 years ago

First a curiosity: Why are you using eth0 and eth1, shouldn't that be br0?

But did you also see this from the README:

---
Q: I can't ping any/some MAC address on my LAN.

A: Arping when pinging a MAC relies on the host to answer a broadcast ping
   (icmp echo request) properly (IIRC: not the windows way). If you want a
   host to pop up on MAC ping, you have to config it to respond to broadcast
   pings.
   (for linux, make sure /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts is 0)
A: -T <IP/host> allows you to restrict the arping to a limited subnet, which
   may or may not work for you. For example if the box 00:01:02:03:04:05 is on
   192.168.0.0/24 then the broadcast probably is 192.168.0.255, so try:
   # arping -T 192.168.0.255 00:01:02:03:04:05
---

You can also try adding (in your case) -T 192.168.10.5. If it works with that, but not without, then probably you can't ping that host by MAC address.

But also see the rest of the README in case other FAQs answer your question.

dmak commented 4 years ago

Thanks for referring to README. I've tried to apply all your advises and it didn't work:

# cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
1

# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# /usr/local/sbin/arping -c 3 -S 192.168.10.10 -i br0 -T 192.168.10.255 2c:b0:5d:a6:8e:02
ARPING 2c:b0:5d:a6:8e:02
Timeout
Timeout
Timeout

# /usr/local/sbin/arping -c 3 -T 192.168.10.255 2c:b0:5d:a6:8e:02
ARPING 2c:b0:5d:a6:8e:02
Timeout
Timeout
Timeout

--- 2c:b0:5d:a6:8e:02 statistics ---
3 packets transmitted, 0 packets received, 100% unanswered (0 extra)

However when I set IP address explicitly, it works:

# /usr/local/sbin/arping -c 3 -T 192.168.10.5 2c:b0:5d:a6:8e:02
ARPING 2c:b0:5d:a6:8e:02
42 bytes from 192.168.10.5 (2c:b0:5d:a6:8e:02): icmp_seq=0 time=266.875 usec
42 bytes from 192.168.10.5 (2c:b0:5d:a6:8e:02): icmp_seq=1 time=407.463 usec
42 bytes from 192.168.10.5 (2c:b0:5d:a6:8e:02): icmp_seq=2 time=427.208 usec

--- 2c:b0:5d:a6:8e:02 statistics ---
3 packets transmitted, 3 packets received,   0% unanswered (0 extra)
rtt min/avg/max/std-dev = 0.267/0.367/0.427/0.071 ms

but it does not meet my needs. Closing the ticket as it seems that I cannot ping the host by MAC in this case (although I am interested to know what could be the reason).

ThomasHabets commented 4 years ago

The change of that sysctl must be on the target host, not the one you run arping on.

But yeah, if you don't know the IP address then likely it won't work. You can try the scanning script depending on what you want to do, but that's about it.