China DOS Union

-- Unite DOS · Advance DOS · Grow DOS --

Union site: www.cn-dos.net Forum site: www.cn-dos.net/forum
DOS stands for freedom, openness and progress. Let us work hard, learn from the openness and GNU spirit of FreeDOS and Linux, and together build and grow a free GNU GPL world!

So many experts, who can write a program to scan the internal network IP and mac!
Floor 31 Posted 2006-12-31 00:55 ·  中国 湖北 武汉 电信

  According to the ideas of 9527 and qzwqzw, this is my understanding: After pinging an IP, if the host represented by this IP is alive, it will automatically record this IP and its MAC in the routing table. But I tried pinging www.cn-dos.net, and then I used ARP -A, and the routing table did not have the IP and MAC of www.cn-dos.net. Please tell me what the reason is? Is this method only for hosts in the internal network? Please give your advice.
Floor 32 Posted 2006-12-31 01:13 ·  中国 北京 联通

Although PING can also determine whether the other machine is online, the success rate is really not satisfactory, and the efficiency is extremely poor. It is better to use ARP. However, those who use it must pay attention that its network segment is 192.168.1.0-192.168.1.255. Everyone can modify it according to their own situation. But the running speed is not too fast, maybe because of the delay from PING. But it is indeed very practical. Let me explain roughly. Some people may ask, why don't you directly run FOR on the entire segment of IP? I tested it yesterday, and it was a bit inaccurate, so I ran it in two segments. I don't know exactly why it is inaccurate. It is also applicable in the case of a firewall, and also applicable to machines that have blocked ICMP packets, because it must still give a MAC address to the source computer, so please rest assured to use it.


This is what I wrote in the original post. I checked online. It seems that ARP only has an effect on internal network operations. For whether the external network is alive, the basic command is to PING the other host and look at the TTL value. ARP has one advantage that it can determine whether the other party is online regardless of whether it is online or not!!!
Floor 33 Posted 2006-12-31 02:01 ·  中国 湖北 武汉 电信
Originally posted by tghksj at 2006-12-30 10:25:
re lxmxn
-----------------------
List of computers obtained by net view
MAC obtained by nbtstat -a "computer name"
------------------------



@ECHO %dbg% OFF
setlocal ENAB ...


Please send me the specific results obtained from your net view and nbtstat -a. I mainly need to look at the format of the results because I don't have an internal network environment here.
Floor 34 Posted 2006-12-31 02:13 ·  中国 山东 济南 电信

net view:
```
Server Name            Comment

-------------------------------------------------------------------------------
\\GS
\\SERVER
\\T06
\\T11
\\T13
\\T14
\\T16
\\T18
\\T19
\\T20
\\T22
\\T23
\\T24
\\T25
\\T27
\\T28
\\T29
\\T34
\\T46
\\T49
\\T50
\\T51
\\T52
\\T53
\\T54
\\T60
Command completed successfully.
```

nbtstat -a T06:
```
Local Area Connection:
Node IpAddress: Scope Id:

NetBIOS Remote Machine Name Table

Name   Type          Status
---------------------------------------------
T06    <00>  UNIQUE  Registered
K      <00>  GROUP   Registered
T06    <20>  UNIQUE  Registered
K      <1E>  GROUP   Registered

MAC Address = 00-E0-4C-10-44-49
```

The nbtstat -a command has different results for uppercase and lowercase........
NBTSTAT -A doesn't work......
Floor 35 Posted 2006-12-31 02:46 ·  中国 山东 青岛 中移铁通
Originally posted by ygzxw at 2006-12-28 04:12 PM:
Can't upload pictures here!!! Can't send


It can be sent. When you post, there is a prompt at the bottom:

Figure 1
After uploading is completed, find the file link address according to the prompt.



[ Last edited by trickster on 2006-12-30 at 01:54 PM ]
Floor 36 Posted 2006-12-31 02:58 ·  中国 广东 广州 天河区 电信
There is a very convenient command, and it doesn't need server service support. arp -a ipaddress
Floor 37 Posted 2006-12-31 03:04 ·  中国 湖北 武汉 电信

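```
@echo %dbg% off
setlocal enabledelayedexpansion

rem Each "net view" line that contains "\\" names one computer; delims=\ strips the backslashes.
for /f "tokens=1 delims=\" %%i in ('net view^|find "\\"') do (
call :cname %%i
)
pause
goto :eof

:cname
rem Print NAME_MAC, taking the MAC from the "MAC Address = ..." line of "nbtstat -a NAME".
for /f "tokens=2 delims==" %%j in ('nbtstat -a %1^|find "MAC Address"') do (
echo %1_%%j
)
goto :eof
```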

Try again?


[ Last edited by lxmxn on 2006-12-30 at 03:17 PM ]
Floor 38 Posted 2006-12-31 04:04 ·  中国 山东 济南 电信
Careless. :)
Missed a '
It should be for /f "tokens=1 delims=\" %%i in ('net view^|find "\\"') do (
Floor 39 Posted 2006-12-31 04:18 ·  中国 湖北 武汉 电信

  Hehe, thanks to the reminder from the elder brother upstairs. Since there's no environment, I just posted the code directly after writing it without testing. =_=||
Floor 40 Posted 2006-12-31 06:06 ·  中国 山西 运城 联通
arp -a shows not the routing table, but the ARP cache table.

The former is a data structure at the network layer.

The latter is established by sending ARP broadcast messages and is a typical data link layer data structure.

Data link layer messages cannot cross gateways, so they can only be within the same subnet (or the same VLAN).

There may be multiple subnets or VLANs in a local area network.
---------------------------------------------

ARP is not better than ping because they are not programs at the same layer.

The Windows ARP program only operates on the local ARP cache table and does not make any network connections.

So if you do not connect to the target IP, it is impossible to ARP to the MAC.

So ping or other connection programs are the precondition for ARP.

Unless there is an ARP program that can send ARP request messages by itself.
-------------------------------------------------------------------------

Whether ping is successful has no direct relationship with whether the MAC is obtained.

Because ping uses the ICMP protocol, which is at the network layer.

A failure at the network layer does not mean a failure at the lower data link layer.

But a failure at the data link layer means that the network layer must fail.

So if you can ping successfully, you must be able to obtain the MAC.

It is possible to obtain the MAC but not be able to ping successfully.

---------------------------------------------------------------------------------

I remember that the ARP cache table only keeps the 10 latest IP-MAC records.

So it may not be possible to obtain 128 records at one time.

But there are no conditions for testing, and it is difficult to say. This is related to the system, not the protocol.
Floor 41 Posted 2006-12-31 06:13 ·  中国 甘肃 兰州 电信
You should first take a look at $ipc
Floor 42 Posted 2006-12-31 06:42 ·  中国 湖北 武汉 电信

  Thanks to the guidance from Brother 40, I understand something now.
Floor 43 Posted 2006-12-31 06:51 ·  中国 广东 广州 天河区 电信
Originally posted by qzwqzw at 2006-12-30 05:06 PM:
arp -a displays not the routing table but the ARP cache table

The former is a data structure at the network layer

The latter is established by sending ARP broadcast messages and is a typical data structure at the data link layer

Data link...


Just now I didn't pay attention, I thought it was to obtain the MAC address after ping
The local ARP cache should support more than 256 entries
Floor 44 Posted 2006-12-31 06:54 ·  中国 广东 广州 天河区 电信
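```
@echo off
rem Split the local IP address and subnet mask into octets, read from the "IP Address" and "Subnet Mask" lines of ipconfig.
FOR /F "tokens=4-7 delims=. " %%i IN ('ipconfig^|find /i "ip address"') do set i1=%%i&set i2=%%j&set i3=%%k&set i4=%%l
FOR /F "tokens=4-7 delims=. " %%i IN ('ipconfig^|find /i "subnet"') do set m1=%%i&set m2=%%j&set m3=%%k&set m4=%%l
rem A mask octet of 0 means loop over 1-254 in that octet; any other value keeps the local octet.
if "%m2%" == "0" (set b=1&set bb=254) else set b=%i2%&set bb=%i2%
if "%m3%" == "0" (set c=1&set cc=254) else set c=%i3%&set cc=%i3%
echo.>mac.dat
for /l %%b in (%b%,1,%bb%) do (
for /l %%c in (%c%,1,%cc%) do (
rem Only host numbers 1 to 20 of the last octet are probed.
for /l %%d in (1,1,20) do (
rem Ping once so the system resolves the address, then append its ARP cache entry to mac.dat.
ping -l 1 -w 1 -n 1 -i 1 %i1%.%%b.%%c.%%d>nul
arp -a %i1%.%%b.%%c.%%d|find "%i1%.%%b.%%c.%%d"|findstr "static dynamic">>mac.dat
rem Progress indicator: print the host number without a newline.
set /p=%%d <nul)
)
)
echo.
type mac.dat
pause
```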
Floor 45 Posted 2006-12-31 09:11 ·  中国 山西 运城 联通
Well written. It can be made into a standard tool after further improvement. First, support for non-0 masks. Second, regarding the problem of (1,1,20), I don't know how you thought about it. Is it sampling? In addition, does the total number of ARP entries depend on the system version? If it is determined that it is not less than 256, then why not perform arp -a after pinging a segment?
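
Added example (not part of any post in this thread): the two improvements raised in Floor 45, sketched in Python for building an inventory of one's own subnet. It derives the host range for any contiguous mask instead of only 0/255 octets, and reads a whole `arp -a` listing in one pass instead of one address at a time. The `arp -a` text is a constructed sample and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output; MACs use a documentation range.
SAMPLE_ARP = """\
Interface: 192.168.1.100 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-5e-00-53-01     dynamic
  192.168.1.37          00-00-5e-00-53-02     dynamic
  192.168.1.70          00-00-5e-00-53-03     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One cache row: IPv4 address, dash-separated MAC, entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})"
    r"\s+(static|dynamic)\s*$", re.I | re.M)


def host_range(ip, mask):
    """Return (network, first_host, last_host) for any contiguous mask."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    if net.prefixlen > 30:
        raise ValueError("no scannable host range in a /31 or /32")
    return net, net[1], net[-2]


def parse_arp_cache(text, net):
    """Map IP -> MAC for cache rows that are hosts inside `net`."""
    inventory = {}
    for ip, mac, _kind in ENTRY.findall(text):
        addr = ipaddress.ip_address(ip)
        if addr in net and addr not in (net.network_address, net.broadcast_address):
            inventory[str(addr)] = mac.lower()
    return inventory


if __name__ == "__main__":
    net, first, last = host_range("192.168.1.100", "255.255.255.192")
    print(f"{net}: hosts {first} - {last}")
    for ip, mac in parse_arp_cache(SAMPLE_ARP, net).items():
        print(ip, mac)
```

As Floor 40 points out, the cache only holds addresses the machine has recently exchanged traffic with, so an address missing from the result is not proof that the host is offline.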