While running my experiments with IP Addresses and MAC Addresses, I found out something interesting today.
I was trying to print out Source IP Addresses and corresponding MAC Addresses of all the network packets that I receive in my system. But, I saw several packets, that are coming from outside servers, contain same MAC Address but different IP Addresses.
With a little bit of research, I found out, this is in fact quite a common practice for servers. In fact, if there are multiple services running on a single server, many a times those services are given different IP Addresses, so that, if in future any of the services is moved to a different machine, it can be done with minimum disruption.
So, if that is the case, then how to find out what all IP addresses are mapped to a single MAC address in the incoming network packets?
This is, in fact, very easy to find out. In fact, we can use tshark for this purpose.
I typed this command :
# sudo tshark -i eth0 -T fields -e eth.src -e ip.src -a duration:30
This command would give MAC Address and corresponding IP Addresses of each incoming network packets in the system, for a duration of 30 seconds.
The output would look something like
this:
48:f8:b3:36:19:a1 74.125.200.189
48:f8:b3:36:19:a1 198.252.206.25
48:f8:b3:36:19:a1 74.125.130.188
48:f8:b3:36:19:a1 198.252.206.25
90:48:9a:f7:38:3d 192.168.1.121
48:f8:b3:36:19:a1 198.252.206.25
48:f8:b3:36:19:a1 74.125.200.189
90:48:9a:f7:38:3d 192.168.1.121
90:48:9a:f7:38:3d 192.168.1.121
48:f8:b3:36:19:a1 198.252.206.25
90:48:9a:f7:38:3d 192.168.1.121
48:f8:b3:36:19:a1 216.58.196.110
Please note that, the MAC Address
48:f8:b3:36:19:a1 is mapped with
different IP Addresses.
Well, this was a small interesting finding, which I wanted to share with you. Hope you found it interesting too!
No comments:
Post a Comment