Re: Any reasons to filter ARP packets?

Ertugrul Soeylemez wrote:
"Mikhail Zotov" <muxaul@xxxxxxxx> (06-04-07 00:58:23):
So getting your MAC address is as simple as sniffing. And we have
seen that it's possible in all cases.

Perhaps, this is even easier. I have disabled "arp" on eth0, and the
log has been empty for some time. Then, records about new connection
attempts appeared. I am not quite sure about output of tcpdump but it
seems information about MAC addresses is provided by the router. Thus,
sniffing is not needed. Just ask the router. ;-)

Yes, as soon as the router gets its hands on your MAC address, it saves
that relation in an internal list. To prevent broadcasting it needs to
know, which MAC address is listening on which of its ports. However,
there is no default way of 'asking' the router. But you can do this
indirectly, which in turn requires sniffing.

Can't this be done in a simpler way? A program sends some SYN packets
to *all* hosts in the LAN, e.g., packets addressed to port 1433
(ms-sql-s) (which appears to be quite common in the LAN). Thus, it
needs to get to know MAC addresses of *all* hosts in the LAN. It seems
it is the router that provides this information since my host doesn't
reply to the requests. This is just a guess but I doubt so many
windoops winnies in the LAN obtain MAC addresses by sniffing the
traffic. (BTW, the ISP seems to be running FC).

Regards,
Mikhail

.

Relevant Pages

  • Router knows it all?
    ... and all the hosts on my LAN have private addresses. ... router performs NAT so that we can all access the internet (well over ... Does anyone know a home broadband internet router typically ...
    (comp.dcom.lans.ethernet)
  • Re: Router knows it all?
    ... my router has a built-in HTTP daemon which provides a web page for configuring the router. ... When I go into "LAN statistics", it tells me what hosts are on my LAN. ... For instance, in Windows, I have a little icon in the bottom right corner; the icon is two little machines, and it represents my NIC network connection. ...
    (comp.dcom.lans.ethernet)
  • Re: Help !
    ... > and 15 VLANs in my LAN. ... I can detect the IP address from mac ... on layer 2 in the LAN. ... the only easy way to find out about the hosts in your network is to ...
    (microsoft.public.windowsxp.network_web)
  • Re: Terrible Web Surfing Speed
    ... All hosts are on a LAN behind a Linksys router. ... Perhaps there is a way to set that up with DHCP ...
    (comp.os.linux.networking)
  • Re: WR850G as wireless bridge?
    ... I've upgraded the router to 6.1.4 and tried to get this working. ... My main router is a Barricade 802.11b. ... I've assigned it a LAN IP ... a totally made up MAC and it reported that as "up" also. ...
    (alt.internet.wireless)