Mask /32 not supported ? #1

Closed
s-leger opened this issue Oct 24, 2014 · 5 comments
s-leger commented Oct 24, 2014

Hi,
Thank you for sharing this useful tool!

Trying to use the tool to get a single host's MAC with a /32 mask, I'm not able to get a result.

Am I doing something wrong?
Any idea?

Owner

drkblog commented Oct 25, 2014

Hi. You are right. There was a problem with the range strategy in the code. It wasn't pinging the network address or the broadcast address, and that was leaving out the IP when using xxxxxxx/32. So I changed it to ping all addresses in the range, which is better even for other cases. Thank you!
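The /32 case described in this reply, as an added example that is not findmacs code: `scan_range` is a hypothetical helper that computes the probe range for a CIDR argument, and its `skip_edges` flag stands in for the old strategy of leaving out the network and broadcast addresses.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not findmacs code). Parses "a.b.c.d/len" and returns
 * the number of addresses to probe, or -1 on a malformed argument.
 * skip_edges != 0 excludes the network and broadcast addresses; 0 keeps
 * every address in the block. first/last are in host byte order. */
long long scan_range(const char *cidr, int skip_edges,
                     uint32_t *first, uint32_t *last)
{
    char buf[32], *slash, *end;
    struct in_addr a;
    long len;

    if (strlen(cidr) >= sizeof buf) return -1;
    strcpy(buf, cidr);
    if ((slash = strchr(buf, '/')) == NULL) return -1;
    *slash = '\0';
    len = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end != '\0' || len < 0 || len > 32) return -1;
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;

    /* A shift by 32 is undefined in C, so /0 is handled separately. */
    uint32_t mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    uint32_t net = ntohl(a.s_addr) & mask;
    uint32_t bcast = net | ~mask;

    if (skip_edges) {
        if (bcast - net < 2) return 0;  /* /31 and /32: nothing is left */
        net++;
        bcast--;
    }
    *first = net;
    *last = bcast;
    return (long long)bcast - net + 1;
}

int main(void)
{
    uint32_t f, l;
    const char *target = "192.168.1.10/32";  /* constructed sample input */
    printf("%s skipping edges: %lld\n", target, scan_range(target, 1, &f, &l));
    printf("%s all addresses:  %lld\n", target, scan_range(target, 0, &f, &l));
    return 0;
}
```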

drkblog closed this as completed Oct 25, 2014
Author

s-leger commented Oct 25, 2014

Hi,
Thank you for this quick update (useful one)!

According to
http://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-1024-on-l
there is a safe way (at least on Debian/Ubuntu) to run the soft without
root privilege (allowing it to create a raw socket).
Simply issue a

sudo setcap 'cap_net_raw=+ep' ./findmacs

Note: setcap is in the Debian package libcap2-bin

I just removed the root check and modified the stderr message perror("creting socket"); to "creating socket (not root ?)"


Stephen Leger
Info-graphisme 3d services
Route du Caro
SWITZERLAND CH-1965 Saviese

Tel : +41 (0)27 395 24 86
Fax : +41 (0)27 395 24 87
E-mail : stephen@3dservices.ch

www.3dservices.ch


This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please
notify the system manager : postmaster@3dservices.ch


Owner

drkblog commented Oct 26, 2014

No problem!
About the root privileges: since findmacs isn't a service but a small program which does very little, I don't see the need for a complex and non-portable way of avoiding a normal sudo. Which kind of security problem are you preventing with this, specifically?

Author

s-leger commented Oct 27, 2014

Well,
I'm running some custom services as an unprivileged user. Those services are
able to discover and interact with some devices over the network (dlna-upnp /
avahi-bonjour / knx-eibd / irtrans / hdhomerun / plc ..).
To ensure reliable detection over time (mostly on system restart) on a DHCP
enabled network, one service maps IP to MAC when the communication
protocol doesn't handle a unique and stable host id.

Until now I have used a shell script to achieve this goal:

MAC Address Parser - Creates list of MAC addresses of active machines on network
Created by Greg Lavino

Findmacs seems to be a good alternative to nmap and such solutions. But
the sudo/rights do prevent a direct call from the service.

The modification (disabling the explicit root check) doesn't prevent sudo, and
allows unprivileged users to call findmacs with the appropriate capabilities
set.


Owner

drkblog commented Oct 27, 2014

I see. I just added a new option (-x) for skipping the root privilege check. This allows running the program if the user knows he/she can do it without being root, while keeping the proper warning for other users. Thank you for this suggestion!
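The thread's point that permission to open a raw socket depends on `cap_net_raw` and not on the user id, as an added example that is not findmacs code: `cap_effective` is a hypothetical helper that reads the `CapEff` line of a Linux `/proc/<pid>/status` text, and the two sample texts are constructed, not captured from a real host.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_RAW_BIT 13  /* value of CAP_NET_RAW in <linux/capability.h> */

/* Constructed samples of /proc/<pid>/status, both for uid 1000. */
static const char SAMPLE_SETCAP[] =  /* binary carries cap_net_raw=+ep */
    "Name:\tfindmacs\nUid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000000002000\nCapEff:\t0000000000002000\n";
static const char SAMPLE_PLAIN[] =   /* binary has no file capabilities */
    "Name:\tfindmacs\nUid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";

/* Hypothetical helper: returns 1 if capability bit `cap` is set in the
 * CapEff line of `status`, 0 if it is clear, -1 if the line is missing
 * or malformed. */
int cap_effective(const char *status, int cap)
{
    const char *p = status;
    if (cap < 0 || cap > 63) return -1;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *v = p + 7;
            while (*v == ' ' || *v == '\t') v++;
            /* Reject an empty value so strtoull cannot run into the next line. */
            if (!isxdigit((unsigned char)*v)) return -1;
            return (int)((strtoull(v, NULL, 16) >> cap) & 1ULL);
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

int main(void)
{
    static char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");  /* Linux only */
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    printf("setcap sample: %d\n", cap_effective(SAMPLE_SETCAP, CAP_NET_RAW_BIT));
    printf("plain sample:  %d\n", cap_effective(SAMPLE_PLAIN, CAP_NET_RAW_BIT));
    printf("this process:  %d\n", cap_effective(buf, CAP_NET_RAW_BIT));
    return 0;
}
```

Both samples have the same non-root uid, so a check on the user id cannot tell them apart, while the effective capability set can.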
