How to find multiple servers on LAN using TCP socket
-
Hi, As I stated in my second post: The author of the question clearly states that he is attempting to scan the LAN for network devices. ARP is a very good candidate for scanning the local network for hardware addresses. In fact this is how the Microsoft NDIS layer works... the first thing TCPIP.SYS does is send an ARP broadcast if there is no entry in the table. Here on codeproject.com we are all experienced developers sharing our experience and knowledge for free. In my opinion it is not very good etiquette to attack other posters who are assisting. Best Wishes, -David Delaune P.S. You still have not answered my question. And its because ARP broadcasts DO pass through your switch.
Sure, the ARP broadcast is there - to find the MAC address of the DHCP or BOOTP server in order to get an IP address if auto address configuration is enabled. - to detect an available address if no DHCP or bootp servers are there, and automatic address assignment is in effect (169.254/16 network) - to see if the assigned address is already in use on the network. - if netbios is enabled, to get at the network neighbourhood machines (netbios is basically a layer 2 protocol) - to find a master browser, and start the master browser election - to find the default gateway Otherwise I'm a bit bothered by your definition of LAN environment: can a LAN not include routers? In that case my home environment does not qualify as a LAN. Each virtual machine host includes a router to effect separation between in host-traffic and LAN Traffic. Any corporate environment, even in the 192.168 subrange will include routers, just because it's usually bad practice to put more than a couple of hundred hosts on a broadcast segment (and the default netmask is /24). I use a 10/8 network at home, which I divide in /24 networks because of - Megalomania - I can't be bothered to calculate subnets which are not a multiple of 8 :-) I suspects network admins out there are as lazy as I am.
modified on Monday, May 10, 2010 3:14 PM
-
Fixed the low votes on your posts (and marked the query as answered). PS: It seem to work on my LAN and I'm in agreement with you.
“Follow your bliss.” – Joseph Campbell
Ouch... voting up a user who gives wrong technical advice is not a good idea! There is a difference in LANs that consist of one subnet and those with multiple subnets (where ARP traffic will not be forwarded but IP traffic will be) as explained by Michel Godfroid.
Chat in Europe :java: Now with 24% more Twitter
modified on Monday, May 10, 2010 3:42 PM
-
Fixed the low votes on your posts (and marked the query as answered). PS: It seem to work on my LAN and I'm in agreement with you.
“Follow your bliss.” – Joseph Campbell
Hi Rajesh, Thanks for the support. To be fair the recommendation made by Michel Godfroid is not incorrect. I was simply giving an alternative and optimized solution for scanning a local network. Allow me to give a more complete explanation. Here is an exercise for the readers: 1.) Download a packet sniffer such as WireShark[^] 2.) Follow the advice Michel Godfroid gave and scan the entire local subnet. Monitor the Wireshark output. Here is what you will see: 1.) You will first see an ARP broadcast generated by TCPIP.SYS for each attempted connection to a local IP address (if not already cached). If there is something there it will respond with an ARP reply. 2.) If a network device is on the other side you will then see the TCP handshake and connection attempt. If there is no device there winsock will return a Winsock Error Code[^]. The response I gave was cutting out the TCP protocol from the equation... Since we know the NDIS layer TCPIP.SYS will ARP for the address anyway... when scanning the local subnet. Best Wishes, -David Delaune
-
Ouch... voting up a user who gives wrong technical advice is not a good idea! There is a difference in LANs that consist of one subnet and those with multiple subnets (where ARP traffic will not be forwarded but IP traffic will be) as explained by Michel Godfroid.
Chat in Europe :java: Now with 24% more Twitter
modified on Monday, May 10, 2010 3:42 PM
Hi Moak,
Moak wrote:
There is a difference in LANs that consist of one subnet and those with multiple subnets (where APR traffic will not be forwarded but IP traffic will be) as explained by Michel Godfroid.
This is not correct. The switch *will* forward the ARP broadcast. The network device on the other side however will not respond if it is on another subnet. Best Wishes, -David Delaune
-
Hi Rajesh, Thanks for the support. To be fair the recommendation made by Michel Godfroid is not incorrect. I was simply giving an alternative and optimized solution for scanning a local network. Allow me to give a more complete explanation. Here is an exercise for the readers: 1.) Download a packet sniffer such as WireShark[^] 2.) Follow the advice Michel Godfroid gave and scan the entire local subnet. Monitor the Wireshark output. Here is what you will see: 1.) You will first see an ARP broadcast generated by TCPIP.SYS for each attempted connection to a local IP address (if not already cached). If there is something there it will respond with an ARP reply. 2.) If a network device is on the other side you will then see the TCP handshake and connection attempt. If there is no device there winsock will return a Winsock Error Code[^]. The response I gave was cutting out the TCP protocol from the equation... Since we know the NDIS layer TCPIP.SYS will ARP for the address anyway... when scanning the local subnet. Best Wishes, -David Delaune
Randor wrote:
To be fair the recommendation made by Michel Godfroid is not incorrect.
I realise that, and actually his answer carries my 5 vote!
“Follow your bliss.” – Joseph Campbell
-
Ouch... voting up a user who gives wrong technical advice is not a good idea! There is a difference in LANs that consist of one subnet and those with multiple subnets (where ARP traffic will not be forwarded but IP traffic will be) as explained by Michel Godfroid.
Chat in Europe :java: Now with 24% more Twitter
modified on Monday, May 10, 2010 3:42 PM
Moak wrote:
There is a difference in LANs that consist of one subnet and those with multiple subnets (where APR traffic will not be forwarded but IP traffic will be) as explained by Michel Godfroid.
While the OP hasn't been particularly clear about his setup, it's hard for someone to guess and answer. While Michel's answer is correct (and carries my "good answer" vote), I see very little reason to lynch-vote David's post. I'd leave it to the OP to decide if it were wrong technical advice in this case by testing the suggestions offered in his setup, as he's not provided sufficient details for the responders.
“Follow your bliss.” – Joseph Campbell
-
Sure, the ARP broadcast is there - to find the MAC address of the DHCP or BOOTP server in order to get an IP address if auto address configuration is enabled. - to detect an available address if no DHCP or bootp servers are there, and automatic address assignment is in effect (169.254/16 network) - to see if the assigned address is already in use on the network. - if netbios is enabled, to get at the network neighbourhood machines (netbios is basically a layer 2 protocol) - to find a master browser, and start the master browser election - to find the default gateway Otherwise I'm a bit bothered by your definition of LAN environment: can a LAN not include routers? In that case my home environment does not qualify as a LAN. Each virtual machine host includes a router to effect separation between in host-traffic and LAN Traffic. Any corporate environment, even in the 192.168 subrange will include routers, just because it's usually bad practice to put more than a couple of hundred hosts on a broadcast segment (and the default netmask is /24). I use a 10/8 network at home, which I divide in /24 networks because of - Megalomania - I can't be bothered to calculate subnets which are not a multiple of 8 :-) I suspects network admins out there are as lazy as I am.
modified on Monday, May 10, 2010 3:14 PM
Hi Michel, As I stated... your advice is not incorrect. I simply gave an alternative solution for scanning the local subnet for networked devices. Lets have a beer and work on calculating subnets which are not a multiple of 8. :) Best Wishes, -David Delaune
-
Hi Moak,
Moak wrote:
There is a difference in LANs that consist of one subnet and those with multiple subnets (where APR traffic will not be forwarded but IP traffic will be) as explained by Michel Godfroid.
This is not correct. The switch *will* forward the ARP broadcast. The network device on the other side however will not respond if it is on another subnet. Best Wishes, -David Delaune
Have you considered network topologies with L3 routers, a campus LAN must not only consist of L2 hubs/switches?
Chat in Europe :java: Now with 24% more Twitter
-
Ouch... voting up a user who gives wrong technical advice is not a good idea! There is a difference in LANs that consist of one subnet and those with multiple subnets (where ARP traffic will not be forwarded but IP traffic will be) as explained by Michel Godfroid.
Chat in Europe :java: Now with 24% more Twitter
modified on Monday, May 10, 2010 3:42 PM
Moak wrote:
(where APR traffic will not be forwarded but IP traffic will be
Nitpicking: BTW, that ought to be ARP traffic. :)
“Follow your bliss.” – Joseph Campbell
-
Have you considered network topologies with L3 routers, a campus LAN must not only consist of L2 hubs/switches?
Chat in Europe :java: Now with 24% more Twitter
-
Hi Michel, As I stated... your advice is not incorrect. I simply gave an alternative solution for scanning the local subnet for networked devices. Lets have a beer and work on calculating subnets which are not a multiple of 8. :) Best Wishes, -David Delaune
I admit I got a bit carried away. I have a thing with MAC addresses, and not using them for what they were designed :mad:. A childhood trauma involving X25 probably. Given the OP's initial statement (and not knowing the OP's level of knowledge), I thought your initial answer might confuse the issue. I concentrated on an answer which would work in every case.
Randor wrote:
Lets have a beer
As soon as the ash clouds leave Europe... Cheers!:thumbsup:
-
Hi Moak, Absolutely. I simply wanted to add additional options on top of the advice by Michel Godfroid. I did not expect such a strong negative response. Best Wishes, -David Delaune
Hi David! You give a lot of helpful advice, just recently I learned something about Linux system calls form a very detailed posting of you! This time the advice you gave doesn't work in a typical campus LAN which is the original posters scenario (multiple /24 subnets). The initial replies from Michael mentioned that such a network topology probably has L3 routing and explained the background why ARP in such a scenario will not be able to enumerate all active hosts. You can give it a try with
nmap -PR -oN arpscan.txt 192.168.0.0/16, which is expected not to work in a larger network. It should be okay among us to correct technical details and give together the best technical advice. Please don't see my response as negative, it really wasn't meant bad in any way. :) Best regards /MoakChat in Europe :java: Now with 24% more Twitter
modified on Tuesday, May 11, 2010 3:16 AM
-
Ouch... voting up a user who gives wrong technical advice is not a good idea! There is a difference in LANs that consist of one subnet and those with multiple subnets (where ARP traffic will not be forwarded but IP traffic will be) as explained by Michel Godfroid.
Chat in Europe :java: Now with 24% more Twitter
modified on Monday, May 10, 2010 3:42 PM
If you want to add a reply, keep it public. Do not delete it after you've posted something!
Workout progress:
Current arm size: 14.4in
Desired arm size: 18in
Next Target: 15.4in by Dec 2010Current training method: HIT