Thursday, October 8, 2015

Multiple IP Addresses on A Single Server



While running my experiments with IP Addresses and MAC Addresses, I found out something interesting today.


I was trying to print out Source IP Addresses and corresponding MAC Addresses of all the network packets that I receive in my system. But, I saw several packets, that are coming from outside servers, contain same MAC Address but different IP Addresses.





With a little bit of research, I found out, this is in fact quite a common practice for servers. In fact, if there are multiple services running on a single server, many a times those services are given different IP Addresses, so that, if in future any of the services is moved to a different machine, it can be done with minimum disruption.



So, if that is the case, then how to find out what all IP addresses are mapped to a single MAC address in the incoming network packets?


This is, in fact, very easy to find out. In fact, we can use tshark for this purpose.


I typed this command :


# sudo tshark -i eth0 -T fields -e eth.src -e ip.src -a duration:30


This command would give MAC Address and corresponding IP Addresses of each incoming network packets in the system, for a duration of 30 seconds.


The output would look something like this:


48:f8:b3:36:19:a1 74.125.200.189
48:f8:b3:36:19:a1 198.252.206.25
48:f8:b3:36:19:a1 74.125.130.188
48:f8:b3:36:19:a1 198.252.206.25
90:48:9a:f7:38:3d 192.168.1.121
48:f8:b3:36:19:a1 198.252.206.25
48:f8:b3:36:19:a1 74.125.200.189
90:48:9a:f7:38:3d 192.168.1.121
90:48:9a:f7:38:3d 192.168.1.121
48:f8:b3:36:19:a1 198.252.206.25
90:48:9a:f7:38:3d 192.168.1.121
48:f8:b3:36:19:a1 216.58.196.110



Please note that, the MAC Address 48:f8:b3:36:19:a1 is mapped with different IP Addresses.


Well, this was a small interesting finding, which I wanted to share with you. Hope you found it interesting too!

No comments:

Post a Comment