Translate MAC address to IP address

Nick Barnes Nick.Barnes at pobox.com
Wed Aug 13 04:35:48 PDT 2003 

[-net seems to be the right forum for this.]

I have some MAC addresses from a local Ethernet segment.  I want to
convert them into IP addresses.  How can I do that programmatically?
(i.e. not "ping likely candidates and then eyeball the arp -a
output").  I'm prepared to burn hundreds of packets, and possibly wait
a few seconds, to get the result.

I understand that the mapping may be dynamic, especially in the
presence of DHCP etc, and I'm prepared to put up with that; a "best
guess" is far better than nothing at all (and in fact on my local
network the mapping is pretty static).

This is on 4.8-STABLE.

Background:

I have written a small utility for traffic volume monitoring on an
Ethernet segment.  It uses libpcap to capture the ethernet header of
every packet and counts traffic volume by source and destination MAC.
A bit like a lobotomized tcpdump (and indeed that is what I started
with).

Currently the report looks like this:

Per-MAC:               out    out      in     in
                   packets  bytes packets  bytes
ff:ff:ff:ff:ff:ff:       0      0       4    240
00:07:e9:db:2a:26:      71   5435     127  70958
00:02:b3:33:37:0f:     389 290734     331  38761
00:90:27:ed:3c:70:      33  15909      30   4105
00:50:fc:01:f4:0e:       7   1648       5    717
00:d0:b7:ac:99:87:     142  15184     153 105835
00:03:47:fa:fb:5b:     105  15832      98 115895
00:07:e9:92:c0:76:      28   3221      27  11452

Per-header:                             packets  bytes
00:90:27:ed:3c:70 -> 00:d0:b7:ac:99:87:       7   4798
00:d0:b7:ac:99:87 -> 00:90:27:ed:3c:70:       6    689
00:90:27:ed:3c:70 -> 00:02:b3:33:37:0f:       6    513
00:02:b3:33:37:0f -> 00:90:27:ed:3c:70:       6   1273
00:02:b3:33:37:0f -> 00:07:e9:92:c0:76:       7    854
00:07:e9:92:c0:76 -> 00:02:b3:33:37:0f:       8    958
00:02:b3:33:37:0f -> 00:07:e9:db:2a:26:     127  70958
00:07:e9:db:2a:26 -> 00:02:b3:33:37:0f:      71   5435
00:d0:b7:ac:99:87 -> ff:ff:ff:ff:ff:ff:       2    120
00:50:fc:01:f4:0e -> 00:02:b3:33:37:0f:       7   1648
00:02:b3:33:37:0f -> 00:50:fc:01:f4:0e:       5    717
00:02:b3:33:37:0f -> 00:d0:b7:ac:99:87:     146 101037
00:d0:b7:ac:99:87 -> 00:02:b3:33:37:0f:     134  14375
00:07:e9:92:c0:76 -> ff:ff:ff:ff:ff:ff:       2    120
00:90:27:ed:3c:70 -> 00:07:e9:92:c0:76:      20  10598
00:07:e9:92:c0:76 -> 00:90:27:ed:3c:70:      18   2143
00:03:47:fa:fb:5b -> 00:02:b3:33:37:0f:     105  15832
00:02:b3:33:37:0f -> 00:03:47:fa:fb:5b:      98 115895

                                 total:     775 347963

I would like to be able to report by IP address.

Yours,

Nick Barnes
Ravenbrook Limited

More information about the freebsd-net mailing list