How to scan devices in a LAN network - iOS

I would like to do a scan in a LAN network to find linked devices.
I'm developing an app in iOS for iPad.
How do I do this?

Because those are mobile devices, I will assume you want to find devices on a wireless network. Theoretically, since wifi uses a shared medium for communication, you can passively listen for traffic flowing through the network and collect data about clients without sending any packets. This is something that is commonly referred to as promiscuous mode. In practice there is a 99% chance that the network adapter driver will allow you only to get traffic destined for your MAC address. In that case you will need to resort to actively scanning the network subnet, which is not 100% accurate and, depending on how the network is implemented, can be considered a possible attack.
The simple way of scanning is sending ICMP requests (ping) to every IP address in the subnet and collecting data from those who send back the echo reply. This is not reliable because some hosts won't respond to an ICMP echo request even if they are active. The first thing you need is to find out your own IP address and the subnet mask, and calculate the range of possible addresses in your subnet. The range is obtained by using the logical AND operator where the operands are the binary values of your IP address and subnet mask. This is an example from the program that calculates this for a typical 192.168.1.1 subnet with 255.255.255.0 subnet mask (192.168.1.1/24 in CIDR notation):
Address: 192.168.1.1 11000000.10101000.00000001 .00000001
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111 .00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000 .11111111
Network: 192.168.1.0/24 11000000.10101000.00000001 .00000000
Broadcast: 192.168.1.255 11000000.10101000.00000001 .11111111
HostMin: 192.168.1.1 11000000.10101000.00000001 .00000001
HostMax: 192.168.1.254 11000000.10101000.00000001 .11111110
Then you would iterate through the range and ping every address. Another thing you can consider is listening for broadcast traffic such as ARP and collecting some of the information that way. I don't know what you are trying to make, but you can't get much useful information this way, except for the vendor of a host's network adapter.
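The range calculation described in the answer above, as an added example in C that is not part of the original answer: it derives the network, broadcast and usable host range from an address and mask, rejects non-contiguous masks, and handles /31 and /32, which reserve no addresses. The names subnet_range and subnet_range_from are invented for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

/* Result of the calculation; every field is in host byte order. */
struct subnet_range {
    uint32_t network, broadcast, host_min, host_max, host_count;
};

/* Fill *r from a dotted-quad address and netmask. Returns 0 on success,
 * -1 if either string is invalid or the mask has non-contiguous bits. */
int subnet_range_from(const char *addr, const char *mask, struct subnet_range *r)
{
    struct in_addr a, m;
    if (inet_pton(AF_INET, addr, &a) != 1 || inet_pton(AF_INET, mask, &m) != 1)
        return -1;
    uint32_t ip = ntohl(a.s_addr), nm = ntohl(m.s_addr);
    uint32_t wildcard = ~nm;
    /* A valid mask is ones then zeros, so wildcard + 1 is a power of two. */
    if ((wildcard & (wildcard + 1)) != 0)
        return -1;
    r->network = ip & nm;                 /* the logical AND from the answer */
    r->broadcast = r->network | wildcard;
    if (wildcard <= 1) {                  /* /32 and /31 reserve no addresses */
        r->host_min = r->network;
        r->host_max = r->broadcast;
        r->host_count = wildcard + 1;
    } else {                              /* skip network and broadcast */
        r->host_min = r->network + 1;
        r->host_max = r->broadcast - 1;
        r->host_count = wildcard - 1;
    }
    return 0;
}

int main(void)
{
    struct subnet_range r;
    char lo[INET_ADDRSTRLEN], hi[INET_ADDRSTRLEN];
    if (subnet_range_from("192.168.1.1", "255.255.255.0", &r) != 0)
        return 1;
    struct in_addr a = { htonl(r.host_min) }, b = { htonl(r.host_max) };
    inet_ntop(AF_INET, &a, lo, sizeof lo);
    inet_ntop(AF_INET, &b, hi, sizeof hi);
    printf("%s - %s (%u hosts)\n", lo, hi, (unsigned)r.host_count);
    return 0;
}
```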

Check my LAN Scan on Github. It does exactly what you want.

I recently used MMLANScan that was pretty good. It discovers IP, Hostname and MAC Address.

Bonjour has been around since 2002, have a look at it!
I mean, just look at their current tagline:
Bonjour, also known as zero-configuration networking, enables automatic discovery of devices and services on a local network using industry standard IP protocols. Bonjour makes it easy to discover, publish, and resolve network services with a sophisticated, yet easy-to-use, programming interface that is accessible from Cocoa, Ruby, Python, and other languages.

Related

Local IP of NIC - Light Weight Filter Driver

How do we retrieve the Local Ip address set of the NIC in NDIS 6. I will be doing some IP header modifications on the received Ethernet Frames, so will be looking for local ip of NIC card that my Filter Attached to.
It's generally a layering violation for an NDIS LWF driver (which operates at layer 2 of the OSI stack) to get involved with IP addresses (which are at layer 3 of the OSI stack).
If you have a very good reason to do this, you can query GetUnicastIpAddressTable. Keep in mind that a NIC may not have any IP address (e.g., it's used for non-IP protocols). Or it may carry IP traffic, but the OS doesn't know about any IP address (e.g., a guest VM is sending IP traffic through the host's NIC, but only the guest really knows the IP address).
In other words, NICs don't really have IP addresses. At best, you can say that the NIC may be associated with an IP interface which has some number of IP addresses.

Send UDP from iPhone to iPhone via WAN

In my recent app I managed to send data (mostly audio) via UDP in my local network (WiFi) to another iPhone. And now I need to do the same but over WAN. Can you guys please point me in the right direction where to start? What do I need to achieve this?
I'm using GCDAsyncSocket to manage sockets. I believe that I have to have a server, where I can keep the IP addresses of both devices.
Also, how can I connect to a device behind NAT/Firewall? I'm guessing that I need to have a public IP address (scraped for instance from http://checkip.dyndns.com/). And then do I need to traceroute? Or NSLookup? Or piggyback? Or do I need to use UDP hole punching?
I know it's a lot of questions, but if you can just point me to the right technology, I would be very grateful.
To achieve communication between two participants behind a NAT you could use hole punching, as you mentioned. This is explained quite well here: http://en.wikipedia.org/wiki/UDP_hole_punching#Flow
Basically a Server with a Public IP and Port is used to share the Port-numbers of the iPhones.
But a NAT may use a different Port for every different IP the iPhone talks to. So if iPhone1 sends data to the server the NAT uses port X, but if iPhone1 wants to send data to a different IP the NAT may choose port Y. (See http://en.wikipedia.org/wiki/Network_address_translation#Symmetric_NAT)
To overcome this problem there is a protocol called UPnP and the lesser known NAT Port Mapping Protocol.
I am not well versed in UPnP but maybe someone else can provide some information on that.
The protocol NAT-PMP enables you to dynamically request an external port to be forwarded to your device. See http://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol, RFC 6886.
This allows you to "predict" your external port and establish connections over NAT.
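The NAT-PMP mapping exchange from RFC 6886 that the answer above refers to, as an added example in C that is not part of the original answer: it builds the 12-byte request a client sends to its gateway on UDP port 5351 and parses the 16-byte reply, rejecting replies that are truncated or that answer a different opcode or internal port. The function names, struct and sample reply bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { NATPMP_MAP_UDP = 1, NATPMP_MAP_TCP = 2 };   /* request opcodes */

struct natpmp_mapping {            /* mapping response fields, host byte order */
    uint16_t result, internal_port, external_port;   /* result 0 = success */
    uint32_t epoch, lifetime;      /* lifetime: seconds until the mapping expires */
};
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p) { return ((uint32_t)get16(p) << 16) | get16(p + 2); }

/* Write the 12-byte mapping request; every field is big-endian. */
void natpmp_build_request(uint8_t out[12], int op, uint16_t internal,
                          uint16_t suggested_external, uint32_t lifetime)
{
    out[0] = 0; out[1] = (uint8_t)op;      /* version 0, opcode */
    out[2] = out[3] = 0;                   /* reserved */
    put16(out + 4, internal);
    put16(out + 6, suggested_external);
    put16(out + 8, (uint16_t)(lifetime >> 16));
    put16(out + 10, (uint16_t)lifetime);
}

/* Parse a 16-byte mapping response. Returns -1 if it is truncated, has the wrong
 * version or opcode, or answers another internal port; else the result code. */
int natpmp_parse_response(const uint8_t *buf, size_t len, int op,
                          uint16_t internal, struct natpmp_mapping *m)
{
    if (len < 16 || buf[0] != 0 || buf[1] != 128 + op)
        return -1;
    m->result = get16(buf + 2);
    m->epoch = get32(buf + 4);
    m->internal_port = get16(buf + 8);
    m->external_port = get16(buf + 10);
    m->lifetime = get32(buf + 12);
    return m->internal_port == internal ? m->result : -1;
}

int main(void)
{
    /* Constructed reply: UDP mapping granted, internal 5000 -> external 50000, 7200 s. */
    static const uint8_t reply[16] = {0, 129, 0, 0, 0, 1, 0x51, 0x80, 0x13, 0x88, 0xC3, 0x50, 0, 0, 0x1C, 0x20};
    struct natpmp_mapping m;
    int rc = natpmp_parse_response(reply, sizeof reply, NATPMP_MAP_UDP, 5000, &m);
    printf("result %d, external port %u\n", rc, rc == 0 ? m.external_port : 0);
    return rc != 0;
}
```

A real client should also confirm that the reply's source address is the gateway it sent the request to before trusting the mapped port.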

UDP Broadcast to All IPs not working in some networks

There are a lot of other answers related to this issue; however, I believe this one is specific.
I am using Delphi XE2 and Indy 10.5.8 and TIdUDPServer
In my local development network I have everything on the same network ip subrange and all connected to the very same Access Point (LinkSys)
I have Androids sending UDP broadcasts to 255.255.255.255 to request the IP address of the server, which is written in Delphi and listens using TIdUDPServer on port 44444.
The requests get there fine and I can answer back no problem. Works exactly as expected.
However, I have noticed that in some networks it does not work! They are always simple networks based on an access point. I am not sure, but it seems that where the problem happens the server PC is connected to the LAN port while the devices are using the wifi, all on the same access point.
Could it be the case that the access points do not broadcast the UDP packet on both LAN and wifi? I know that this kind of broadcast is very limited, but I have not found any information that tells me that within the same access point there are limitations like that.
Are there ways to test, or work around this?
This solution needs to be strong enough to deal with the many AP out there.
EDIT: For those who want the source code for retrieving more information from the network, including the broadcast IP as mentioned in the answer below, follow this solution; it is all there.
http://www.code10.info/index.php?option=com_content&view=article&id=54:articleretrieve-network-adapter-information&catid=47:cat_coding_algorithms_network&Itemid=78
255.255.255.255 is not the best option for sending UDP broadcasts, and some routers/firewalls do block it unless configured otherwise. The better option is to use the NIC's actual subnet broadcast IP instead. For example, if a UDP socket is bound to local IP 192.168.0.1 with a subnet mask of 255.255.255.0, then the broadcast IP for that subnet is 192.168.0.255.
Most platforms have OS-specific APIs for retrieving a NIC's actual broadcast IP, such as getifaddrs() on POSIX systems, or at least for retrieving the NIC's subnet mask, such as GetAdaptersInfo() and GetAdaptersAddresses() on Windows, so you can calculate the broadcast IP manually.
Retrieving the local broadcast IP(s) may be added to Indy in a future version.
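The getifaddrs() approach from the answer above, as an added example in C that is not part of the original answer and is not Indy code: it lists the subnet broadcast address of every IPv4 interface that is up and broadcast-capable, and computes it from the address and netmask when the OS reports none. The function names are invented for this example.

```c
#define _DEFAULT_SOURCE   /* expose IFF_* on glibc under strict -std= modes */
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <ifaddrs.h>

/* Subnet broadcast for an address/mask pair, both in host byte order. */
uint32_t directed_broadcast(uint32_t addr, uint32_t mask)
{
    return (addr & mask) | ~mask;
}

static uint32_t sa_ip(const struct sockaddr *sa)   /* IPv4 sockaddr -> host order */
{
    return ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr);
}

/* Store the broadcast address of each usable IPv4 interface; returns count or -1. */
int collect_broadcast_addrs(struct in_addr *out, int max)
{
    struct ifaddrs *list, *ifa;
    int n = 0;
    if (getifaddrs(&list) != 0) return -1;
    for (ifa = list; ifa != NULL && n < max; ifa = ifa->ifa_next) {
        if (ifa->ifa_addr == NULL || ifa->ifa_addr->sa_family != AF_INET)
            continue;
        if (!(ifa->ifa_flags & IFF_UP) || !(ifa->ifa_flags & IFF_BROADCAST))
            continue;                /* loopback, point-to-point, down links */
        uint32_t b = ifa->ifa_broadaddr ? sa_ip(ifa->ifa_broadaddr) : 0;
        if (b == 0 && ifa->ifa_netmask != NULL)   /* OS gave none: compute it */
            b = directed_broadcast(sa_ip(ifa->ifa_addr), sa_ip(ifa->ifa_netmask));
        if (b != 0)
            out[n++].s_addr = htonl(b);
    }
    freeifaddrs(list);
    return n;
}

int main(void)
{
    struct in_addr found[16];
    int n = collect_broadcast_addrs(found, 16);
    for (int i = 0; i < n; i++)
        printf("broadcast target: %s\n", inet_ntoa(found[i]));
    return n < 0;
}
```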

PPP Network Detection for OSPF Demand Circuit Validation

I am looking for a way to detect if any incoming or outgoing network traffic is PPP (Point to Point). Is there a way that I can sniff for this type of traffic using the pcap library?
The reason I need to know if the traffic is PPP is to validate a certain condition. That condition is if the DC (Demand-Circuit) bit in the Options Field of OSPF is enabled, then PPP must be enabled for that network. Only point-to-point networks receive the full benefit of OSPF Demand-Circuits (RFC 1793).
"Point-to-point", in RFC 1793, doesn't refer to particular types of traffic, it refers to particular types of networks. All traffic on, for example, a serial line running the Point-To-Point Protocol, is "point-to-point traffic"; no traffic on an Ethernet is "point-to-point". Non-point-to-point traffic could be tunneled over a point-to-point network, and point-to-point traffic could be tunneled over a non-point-to-point network, but, in the case of a tunnel, there will often be a network interface (in the software sense, e.g. what ifconfig -a would list in most UN*X systems or ipconfig/all would list on Windows) for the tunneled traffic, in addition to a network interface for the lower-level network's adapter.
On most UN*Xes, you can use the SIOCGIFFLAGS ioctl to get the flags for a network interface, and one of those flags is the IFF_POINTOPOINT flag, which would indicate whether the network for that interface is a point-to-point network or not.
On Windows, I can't find an ioctl to get the flags for a specific interface, but the SIO_GET_INTERFACE_LIST Winsock ioctl will return an INTERFACE_INFO structure with an iiFlags member that includes the IFF_POINTOPOINT flag.
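The SIOCGIFFLAGS query described in the answer above, as an added example in C for UN*X systems that is not part of the original answer: it reads an interface's flags through an ioctl on a throwaway socket and reports whether IFF_POINTOPOINT is set. The function name is_point_to_point is invented for this example.

```c
#define _DEFAULT_SOURCE   /* expose struct ifreq and IFF_* on glibc under strict -std= */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <net/if.h>

/* Returns 1 if the named interface is point-to-point, 0 if it is not,
 * -1 if the name is too long or unknown, or the query fails. */
int is_point_to_point(const char *ifname)
{
    struct ifreq ifr;
    int fd, rc;
    if (strlen(ifname) >= IFNAMSIZ)       /* would not fit ifr_name with its NUL */
        return -1;
    fd = socket(AF_INET, SOCK_DGRAM, 0);  /* any socket serves as the ioctl handle */
    if (fd < 0)
        return -1;
    memset(&ifr, 0, sizeof ifr);
    strcpy(ifr.ifr_name, ifname);         /* length checked above */
    rc = ioctl(fd, SIOCGIFFLAGS, &ifr);
    close(fd);
    if (rc < 0)
        return -1;
    return (ifr.ifr_flags & IFF_POINTOPOINT) ? 1 : 0;
}

int main(void)
{
    struct if_nameindex *names = if_nameindex(), *p;
    if (names == NULL)
        return 1;
    /* Report every interface the system knows about. */
    for (p = names; p->if_index != 0; p++)
        printf("%-12s point-to-point: %d\n", p->if_name, is_point_to_point(p->if_name));
    if_freenameindex(names);
    return 0;
}
```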

Hiding Network Address Translation (NAT) Traffic

I live in a place with an oppressive network policy where everything is aggressively monitored. Among the many rules is a prohibition on using any device that generates Network Address Translation traffic (i.e. wireless routers, VMs...). They monitor network logs and disconnect anyone who uses such. Is there any way I can mask traffic (i.e. the NAT translation generated by routers or virtual network devices) via encryption or the like so that it is indistinguishable from normal network traffic that would be generated by a single device using a single IP address to a monitor that is sniffing packets on the network?
(I already use a VPN to encrypt any sensitive traffic, but the NAT is applied post VPN encryption. )
I am not really sure why you need to dodge security, but one way to achieve this in your case is to use a trojan horse-like mechanism. Instead of having any peer or devices on your LAN trying to connect to the WAN, install some kind of application on a valid node behind the LAN to propagate traffic in and out of the LAN for other nodes. If necessary, have this node connect to another fixed node on the WAN. Since it will use a valid connection, it won't be filtered.
Each device on your LAN should connect to the trojan node instead of trying to connect outside. The bandwidth will be slower, but this should work. That being said, this is most probably breaking the intentions of those who have implemented the security policy on your LAN. If they catch you, you're good for the electric chair...
