Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've got a machine on my lan that's currently shutdown. I want to bring it online with WOL but for the life of me can't remember the mac. I have used that machine in the past to ssh into a server and do a few other things. My router doesn't log macs anywhere but in dhcp but the machine is configured statically. Is there any way I can get the mac of the machine or just send a magic packet to everyone, there are only a handfull of machine on the lan. Thanks in advance.
Oh, if it's applicable, the server is Debian Lenny and the machine to be waken up is Mint 9
jschiwal, arp was the first thing I tried, but it had already been release from the cache.
eantoranz, that did the trick. I assume there's a time limit on how long entries are kept in that table, if so how long is it? I checked out the man page but didn't see any mention of a time.
I bet the amount of time one entry is saved in cache can be modified..... however, I don't have a clue as to where to change it... as a matter of fact, I don't think it's a good idea to change it as in networking these values are more or less standard.
See what you can find out about the files in /proc/sys/net/ipv4/conf/all, also these commands could help:
man arp
man 8 arp
man proc
Perhaps you will find something useful out of that. Good luck!
Did you ping the host just before running the arp command? The reason to ping it first, is to get it in the table, and read the table right away before the entry expires.
I tried "ip neigh show".
Code:
ip neigh show
192.168.1.106 dev eth0 lladdr 18:a9:05:1f:16:ff REACHABLE
192.168.1.1 dev eth0 lladdr 00:21:29:68:da:35 REACHABLE
192.168.1.103 dev eth0 lladdr 00:10:75:05:19:8e REACHABLE
Then using nmap, it showed these IP addresses:
Interesting ports on router (192.168.1.1):
Interesting ports on 192.168.1.103: Interesting ports on netcow.jesnet (192.168.1.105):
Interesting ports on elite.jesnet (192.168.1.106):
Poked around a bit, from what I can find "/proc/sys/net/ipv4/neigh/eth0/gc_stale_time" contains the cache timeout which seems to default to 60 seconds. I have 5 boxes on my network, all statically configured so I don't think there's much harm in increasing the limit. I looked at arpwatch, but that seems too heavy for this issue.
I can't ping the host first, it's shutdown. I wanted to get the mac so I could send a magic packet to that host and kick the machine on remotely.
Do you suppose I could write a script that polls the arp cache at an interval and saves it to a file?
This could be something of an overkill.... and it's alpha... but it's something I worked on. Perhaps you could take over (and finish it) if you like it.
That's an interesting idea. I downloaded and compiled it, runs fine but I have to put the 'server' on another machine later. If you're serious I wouldn't mind taking the reins.
I can't ping the host first, it's shutdown. I wanted to get the mac so I could send a magic packet to that host and kick the machine on remotely.
I'm smacking myself on the head.
Quote:
Do you suppose I could write a script that polls the arp cache at an interval and saves it to a file?
Some people will statically assign ip/arp table entries. Especially for the ethernet addresses of DNS and DHCP servers. There is a standard file, /etc/ethers, which you can fill with ethernet ip address pairs and then run "arp -f /etc/ethers".
From man 8 arp:
Code:
...
-f filename, --file filename
Similar to the -s option, only this time the address info is taken from file filename set up. The name of the data
file is very often /etc/ethers, but this is not official. If no filename is specified /etc/ethers is used as
default.
The format of the file is simple; it only contains ASCII text lines with a hostname, and a hardware address sepa-
rated by whitespace. Additionally the pub, temp and netmask flags can be used.
There is a manpage for the /etc/ethers file as well.
You could run "nmap -sP <address range>" to collect the IP addresses of awake hosts, then then run
awk '/ether/{print $1, $3}' >>arplist
to add the current output of arp.
sort arplist | uniq
will remove duplicates. Doing this occasionally, you will collect a comprehensive list you can use for the /etc/ethers file.
Yes, sure.... take over it.... just respect the copyrights (I made the project to what it is so far.... but the copyrights are not mine). :-)
Should you give me the details for that sourceforge site, or should I just create a new one under a similar name?
Quote:
Originally Posted by jschiwal
I'm smacking myself on the head.
Some people will statically assign ip/arp table entries. Especially for the ethernet addresses of DNS and DHCP servers. There is a standard file, /etc/ethers, which you can fill with ethernet ip address pairs and then run "arp -f /etc/ethers".
From man 8 arp:
Code:
...
-f filename, --file filename
Similar to the -s option, only this time the address info is taken from file filename set up. The name of the data
file is very often /etc/ethers, but this is not official. If no filename is specified /etc/ethers is used as
default.
The format of the file is simple; it only contains ASCII text lines with a hostname, and a hardware address sepa-
rated by whitespace. Additionally the pub, temp and netmask flags can be used.
There is a manpage for the /etc/ethers file as well.
You could run "nmap -sP <address range>" to collect the IP addresses of awake hosts, then then run
awk '/ether/{print $1, $3}' >>arplist
to add the current output of arp.
sort arplist | uniq
will remove duplicates. Doing this occasionally, you will collect a comprehensive list you can use for the /etc/ethers file.
I'll try that, i've only got a few hosts so it shouldn't require that much work. I could easily go around and get the macs manually but what's the fun in that .
You will need to start the macs manually once. Once you do, you can gather the MAC addresses of their interfaces.
Another option is if you have a cable/dsl router. If you use DHCP, you may be able to bring up a web interface and examine the DHCP client table to gather the same info.
I assign MAC addresses to IPs permanently in my router configuration. This allows keeping a constant /etc/hosts file, which will be faster than zeroconf/bonjour/avahi.
This way, you have the advantage of using an /etc/hosts file, but still use DHCP.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
.
