Identify the Ethernet addresses which have been used by your computer.
Type:
arp -a
The address resolution protocol (arp) is an important protocol that IP networks use to transmit datagrams over Ethernet LANs. The "arp" program prints the contents of the computer's address resolution protocol (arp) cache. This consists of a list of IP addresses that have recently been used to contact remote computers on the same LAN. Alongside each IP address is the hardware (or Medium Access Control, MAC) address information corresponding to each computer/router. This information is required before the computer may communicate with any other computer directly connected to the LAN, since it is used in the destination address field of the MAC header which encapsulates each IP packet.
Now try to identify the Ethernet address of another computer
Type:
arp followed by an IP address in dotted
decimal. notation.
It is suggested that you pick an IP address that has the first three decimal numbers the same as other entries in the arp cache. (if you can't remember how to find out the IP address of your own computer look at exercise 1 again). The arp program will tell you whether it can find out the Ethernet hardware address (MAC address) corresponding to the specified IP address.
Have you now found an IP address which is not currently in use?
The arp request sent by the arp program may not have completed, in this case the computer will therefore have an incomplete arp entry or this IP address (this is not always displayed on a PC). You may remember that the arp protocol uses an Ethernet Broadcast frame which is sent to all systems which are directly connected to the local Ethernet LAN. Although all computers receive the arp request, only the computer with the specified IP address (known as the target) replies. Therefore, if no reply is received, it indicates that there is currently no computer on the connected LAN with the specified IP address.
Use ping (ICMP) again, but this time select other values for the final part of the IP address (i.e. the last of the four decimal numbers separated by dots). Start with the first three bytes (shown as "x" below, from the previous IP address that you looked at using the arp command above). Choose a different value for the final byte (y). One suggestion is to use a high number (e.g. y=250, but be careful not to use y=255 or 0 because these have special meanings). Since most network administrators start numbering their computers in succession starting with "1", the higher the number the greater the chance of the number not being allocated to an operating computer.
What happens for different values of y?
Type:
ping x.x.x.y
Finding other computers connected to the LAN
As a final experiment, you may like to use the IP network broadcast address that you previously found out from exercise 1. (This was found using ifconfig -a or ipconfig -all). The IP network broadcast address may be used to find the IP addresses of all other computers on the same IP network. Try typing the following (but make sure that you use the broadcast address specified by ifconfig -a, not the one in this example!!!)
Type:
ping x.x.x.255
Did you receive a reply?
You should have. You may have seen several replies (if several computers each responded to the ICMP echo request messages).
If you used a broadcast address, you should have received a response from each computer in your IP network. The ping command may have completed when you received the first response to the transmitted ICMP echo request.
To find out the list of all active computers, you will could again look into your computer's arp cache.
Type:
arp -a
The current arp cache should now contain an entry for every host on your network!
However, the arp cache is of a finite size, and therefore on a large LAN, some entries may overflow the cache and will be discarded. After a period of use, the cache would become full of incomplete and obsolete entries for computers that are not is use if it was allowed to grow without check. The arp cache is therefore periodically flushed of all entries. This deletes unused entries and frees space in the cache. It also removes any unsuccessful attempts to contact computers which are not currently running.
Do not use the ping command with the broadcast address often! It asks every system on the network to reply, if you typed this frequently it would cause a lot of network traffic, and may annoy other users!!
email: G.Fairhurst@eng.abdn.ac.uk - Date: 10/11/1995 Revised: 7/10/2003
