• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Is it possible to get the remote MAC address from a connected socket?

SunnyD

SunnyD

Belgian Waffler
Ie: when not using a raw socket, is there any way to inspect the IP packet headers on a socket, or any other possible way to get the associated remote MAC address from a packet/datagram on a connected socket?
 
General IP packets don't have it in the IP header or below, but you can make a special request like using NetBios in Win that will return MAC addr in the 'Unit ID' field.

And what are you trying to do? When you use the raw socket, if there's a router in front of the remote PC, what you get in the Ethernet header is the MAC of the router. You can see that if you do a tcp dump on your machine and use nbtstat command to get the MAC of the remote PC: the MAC in the header will not be the same as the MAC in UnitID if it's sitting behind a router. Furthermore, it's easy to fake MAC address, if you want it for security reasons, you should really be using SSL/TLS or something of that sort.
 
I'm handcuffed in to how much I can do with what I have. Basically I'm trying to identify the remote machine as best as possible, aware that IP addresses and MAC addresses can be changed/fakes/spoofed. Unfortunately I don't have the luxury of making wholesale changes.
 
Well, if you need to check it for every single packet, and the socket isn't of raw type, then, to the best of my knowledge, it can't be done.
 
As you wrote the IP and MAC addresses can be spoofed, so I wouldn't rely on them to identify a remote machine. You have no way to know the real MAC address of the remote entity, even without spoofing, because there could be many routers in the middle.
It is not a matter of using a raw socket instead of the "normal" one, the MAC address in the packet would refer to the nearest router, that's it...
 
Yeah, the only MAC you'll be able to see is the MAC of the physical device that forwarded the frame to your NIC, not the MAC of the end point associated with the IP address.
 
Security of this type is basically provided by services, not by any special noncing of the packets themselves. I realize your hands are somewhat tied as to what you can do.

Here is a link to everything that you're guaranteed to see from a packet that crosses the internet:
http://www.freesoft.org/CIE/Course/Section3/7.htm

Version of IP
Header length
Service type
Packet length
Packet fragmentation id
Fragmentation offset
Fragmentation flags
TTL
Protocol
Header checksum
Source IP
Destination IP
Some 'option' flags

And yes, any/all of that can be spoofed along the way.

You get more out of a TCP header:
http://mike.passwall.com/networking/tcppacket.html

... but all of that can be faked too.
 
Are you trying to do this to secure a computer application such that it can only be installed on one computer? If so, then it'll need to call home and TELL the other side its MAC address. As already said, with the way that OSI works, you will only ever see the MAC address of the device your computer is hooked in to...the device that forwarded the frame.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top