none
How to retrieve IP and MAC address from DHCP Server using C#

    Question

  • I have few PC connected to a DHCP server. I need to write a program that run on this DHCP server to retrieve the IP and MAC address of all the PC that connected to this server through LAN. How can I write a code in C# that to do this? I am only able to retrieve the IP and MAC for local machine but what I want is to get the info of those conected to the server. Any advice please. Thank you. 
    • Edited by kikijas Tuesday, July 08, 2008 2:16 AM previous question not clear
    Tuesday, July 08, 2008 2:14 AM

Answers

  • I did a little more investigation on this yesterday... here's what I found.

    The ARP protocol is just what you need.  ARP is an  IP address to Physical (MAC) Address protocol.

    Try this:
    1) Start a process to do a Ping of a specific address within your network.  E.G. Ping 192.168.1.1
    2) Then start off another process to do an ARP of that address..  E.G. ARP -a 192.168.1.1

    I tried this on my home network and was able to retrieve the MAC address of my router.
     
    In your C# program, Redirect your standard output from the ARP -a command example shown above.

    Build a parser (REGEX is the best) to parse the results of the redirection which looks like this:

    Interface: 192.168.1.100 --- 0x2
      Internet Address      Physical Address      Type
      192.168.1.1           00-13-11-d0-f1-42     dynamic


    Background:
    TCP/IP must have either a cached ARP entry or send an ARP request before any other packets fly.  Dumping your ARP cache after a successful PING will do it.  Now remember what we said yesterday, you cannot go out of network because the MAC addresses are swapped, this is how routers work.  So you can write a scanner of your own internal network, for example you have a class C network of 192.168.1.0 (subnet mask is 255.255.255.0)  This gives you 255 -2 addresses or 253 addresses to scan.  (Remember that the host addresses of 0 and 255 are reserved in TCP/IP, thus the 253).  All you have to do is kick off 253 pings and dump the arp cache after each Ping.  You can even clear the ARP cache each time via the ARP -d command. 


    This is a much easier solution than writing or using RAW packet support such as a SNIFFER or creating your own RAW packets..

     


    Javaman
    • Edited by Mr. Javaman Tuesday, July 08, 2008 12:34 PM spelling
    • Marked as answer by kikijas Wednesday, July 09, 2008 2:44 AM
    • Marked as answer by kikijas Wednesday, July 09, 2008 2:44 AM
    • Marked as answer by kikijas Wednesday, July 09, 2008 2:44 AM
    Tuesday, July 08, 2008 12:32 PM

All replies

  •  The DHCP protocol itself (as far as I know) has no facility for anyone else to query it's tables.  But feel free to determine that yourself... http://www.google.com/search?hl=en&q=dhcp+RFC

    Now remember that MAC addressess are only good within your network.  As soon as a packet is routed the MAC address becomes that of the last router that touched the packet.  So, if you are in network you could do something like send out a ping while running sharpPcap. http://www.google.com/search?hl=en&q=sharpPcap  Then you can parse the return packets just like a sniffer would do and pull the MAC address from the response to the PING.  Sounds complicated, but in order to get someone else to talk to you, you must send them a packet.

    The only other way would be to pull up a SMNP client and issue a request to EVERY IP address you suspect. http://www.google.com/search?hl=en&q=SNMP+MAC+Address  But this requires every device on the network or even inter-network to support a response to a specific MIB request.  This is by far the best way to do it.

    Now having said that if you are using DHCP, then you should also be using Dynamic DNS.  I do think that there is a way to get a DNS to dump it's tables and it just may contain the MAC address.

    The only other possible option would be to see if you can't get the the DHCP tables on a Microsoft server via WMI or some magically proprietary protocol that MS dreamed up (like they always do).  Can you say NETBIO?
    Javaman
    Tuesday, July 08, 2008 3:36 AM
  • Thank you for your answer. I have tried to go through the tutorial but it will take me some time to fully understand how to use it. I was wondering, is there anyway to get the MAC address out from the return packet if I am using the Ping.SendAsync method? Is it possible to format the packet I send over to the target PC, so that that packet returned from the PC contains its MAC address? Thank you.
    Tuesday, July 08, 2008 9:50 AM
  • I did a little more investigation on this yesterday... here's what I found.

    The ARP protocol is just what you need.  ARP is an  IP address to Physical (MAC) Address protocol.

    Try this:
    1) Start a process to do a Ping of a specific address within your network.  E.G. Ping 192.168.1.1
    2) Then start off another process to do an ARP of that address..  E.G. ARP -a 192.168.1.1

    I tried this on my home network and was able to retrieve the MAC address of my router.
     
    In your C# program, Redirect your standard output from the ARP -a command example shown above.

    Build a parser (REGEX is the best) to parse the results of the redirection which looks like this:

    Interface: 192.168.1.100 --- 0x2
      Internet Address      Physical Address      Type
      192.168.1.1           00-13-11-d0-f1-42     dynamic


    Background:
    TCP/IP must have either a cached ARP entry or send an ARP request before any other packets fly.  Dumping your ARP cache after a successful PING will do it.  Now remember what we said yesterday, you cannot go out of network because the MAC addresses are swapped, this is how routers work.  So you can write a scanner of your own internal network, for example you have a class C network of 192.168.1.0 (subnet mask is 255.255.255.0)  This gives you 255 -2 addresses or 253 addresses to scan.  (Remember that the host addresses of 0 and 255 are reserved in TCP/IP, thus the 253).  All you have to do is kick off 253 pings and dump the arp cache after each Ping.  You can even clear the ARP cache each time via the ARP -d command. 


    This is a much easier solution than writing or using RAW packet support such as a SNIFFER or creating your own RAW packets..

     


    Javaman
    • Edited by Mr. Javaman Tuesday, July 08, 2008 12:34 PM spelling
    • Marked as answer by kikijas Wednesday, July 09, 2008 2:44 AM
    • Marked as answer by kikijas Wednesday, July 09, 2008 2:44 AM
    • Marked as answer by kikijas Wednesday, July 09, 2008 2:44 AM
    Tuesday, July 08, 2008 12:32 PM