Geek Answers Handbook

How can I extract mac address from icmp response in c on linux

I am trying to find the MAC address of a machine in a switched environment after sending an raw packet. I am trying to execute the traceroute command. I want to know, when I get an ICMP timeout message, how can I extract the mac address of this machine. I am new to network programming, so I am confused that calling a socket will help me extract the mac address.

Thanks.

+4
source share
3 answers

No, you cannot extract the MAC address from the ICMP response.

You can only determine the MAC addresses of the connected machines near you. In ICMP (tracert), you can simply find out the IP address of the target or middle machine.

If you want to determine MAC addresses, you should use ARP-protcols, where applicable on local networks, not the Internet.

ICMP starts after the IPv4 header [ 1 ], and the MAC addresses are associated with the physical / link layer. In low-level layers, MAC addresses will be transparent from higher-level layers such as network (IP) or transmission, ...

To determine the MAC addresses, you must use Raw sockets or the PCAP SDK to access the lower layers of network programming. (I say again, they are not useful over the Internet)

+4
source

Like Masoud M, you can only get the MAC address of computers that are on your local network. However, you can analyze the output of the arp command to find the MAC address specified by the IP address of the machine on your local network.

0
source

In general, on the Internet, you don’t even know the media that the host uses to transmit packets. Assume that the remote host is connected through a serial connection between rs-232-C and PPP. It does not have a mac address. This also happens, for example, if the host uses a ring token interface or a frame relay link. This allows you to completely localize the remote host MAC addresses. Usually, when you receive a packet from a remote site via ethernet, the source mac addres that you receive in the packet is the last router that connects you to the Internet, and not to the original host that sent the IP packet. In the RFC, on the IP address for air carriers (rfc1149, rfc2549 and rfc6214), the carriers used for transmission do not allow the use of mac addresses (the link address can be named if possible with pidgeon).

If you want to read about traceroute on an Ethernet switch network, you might need to take a look at IEEE802.1ag, which has a specification, to do tracing through switches (tracelink service), but I think that is far beyond the scope of this answer.

0
source

More articles:


All Articles