Fedora Linux Support Community & Resources Center
  #1  
Old 26th December 2009, 06:07 PM
jenaniston Offline
Registered User
 
Join Date: Dec 2009
Location: Malibu, California
Posts: 353
MAC address FF:FF:FF:FF:FF:FF obtained by snort

In a simple point to point network connection - trying to set up a LAN boot -
will the client in the MAC host -> MAC client line always just be -> FF:FF:FF:FF:FF:FF
- or is that the result only from the snort utility ?

The laptop - connected by ethernet cable to the Fedora OS with snort - can not boot yet,
so I can NOT just use ifconfig on the laptop client for finding its MAC address.
It is not on the outside case either.

Will that FF:FF:FF:FF:FF:FF address be good enough to set up a diskless, point-to-point LAN boot ?

Code:
[liveuser@localhost ~]$ su -
[root@localhost ~]# yum install snort
. . .
Installed:
  snort.i586 0:2.8.5.1-1.fc11                                                   

Dependency Installed:
  libprelude.i586 0:0.9.21.2-9.fc11                                             

Complete!
[root@localhost ~]#
Code:
[root@localhost ~]# snort -veX
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
***
*** interface device lookup found: eth0
***
Initializing Network Interface eth0
Decoding Ethernet on interface eth0
Code:

12/26-10:00:51.007089 0:12:3F:XX:XX:XX -> FF:FF:FF:FF:FF:FF type:0x800 len:0x156
0.0.0.0:68 -> 255.255.255.255:67 UDP TTL:128 TOS:0x10 ID:0 IpLen:20 DgmLen:328
Len: 300
. . .
P.S. Only the XX:XX:XX and boldface were added in the line of the partial terminal result above from the # snort -veX command,
so any other hints to get LAN boot started as where to look with portmapper or sometin' welcome.

Thanks.
  #2  
Old 26th December 2009, 07:22 PM
smurffit Offline
Registered User
 
Join Date: Dec 2009
Posts: 190
Well, I'm not sure if I get the problem, but FF:FF... is the broadcast address and if you have many clients (i.e. in a company) it makes sense to use broadcasts to save bandwidth. So I would say that the address is fine.
  #3  
Old 26th December 2009, 08:53 PM
jenaniston Offline
Registered User
 
Join Date: Dec 2009
Location: Malibu, California
Posts: 353
Quote:
Originally Posted by smurffit View Post
. . . but FF:FF... is the broadcast address . . . would say that the address is fine.
Thanks for the reply.

When I right click on the network applet in the top menu bar (gnome desktop) and go into
Connection Information, the info includes Interface: Ethernet (eth0), Hardware Address (or host MAC) 00:12:3F:xx:xx:xx, IP address, Broadcast address,
as well as Subnet Mask, Default Route, Primary DNS, Secondary DNS.

There, the Broadcast Address is listed -
Broadcast Address: 128.255.139.255

But the future LAN boot computer MAC has only been found - with snort - as FF:FF:FF:FF:FF:FF

Will that be ( part of ) what I'll need for setting up the LAN boot?
Will that snort obtained MAC be sufficient, since the true network card MAC is NOT known and the laptop can NOT yet be booted ?

Last edited by jenaniston; 26th December 2009 at 09:22 PM.
  #4  
Old 27th December 2009, 02:01 AM
smurffit Offline
Registered User
 
Join Date: Dec 2009
Posts: 190
The IP is for logical addressing and the MAC is for physical addressing, so they are different connection layers (IP is a higher layer than MAC). There is also a Broadcast-address for IP-addressing, that's fine too, but your Boot-Server works on the MAC layer, therefore it uses the Broadcast-address based on the MAC layer.

By the way, routers don't forward MAC-Broadcasts, so maybe this is a possible problem in your situation?!
  #5  
Old 27th December 2009, 05:42 AM
lensman3 Offline
Registered User
 
Join Date: Dec 2009
Location: Centennial, Colorado USA
Posts: 128
It sounds like you are doing a network boot to a diskless machine. There were problems when a machine had to boot from the network, because there was no way to get an IP/NIC address until the OS was running. I think the rarp protocol was implemented to do this. The arp command man page references "rarp", but there is no rarp man page.

A lot of the NIC address can be found in the /proc/net directory.
  #6  
Old 27th December 2009, 06:40 PM
jenaniston Offline
Registered User
 
Join Date: Dec 2009
Location: Malibu, California
Posts: 353
Thanks for the replies.

Quote:
Originally Posted by smurffit View Post
. . . and the MAC is for physical addressing, so they are different connection layers (IP is a higher layer than MAC). There is also a Broadcast-address for IP-addressing, that's fine too, but your Boot-Server works on the MAC layer, therefore it uses the Broadcast-address based on the MAC layer.

. . . routers don't forward MAC-Broadcasts,
Great info in your post distinguishing logical and physical addressing - thanks.

Yes, as I had understood, I was gonna need the MAC address to boot -
and if that F:F:F: ... MAC address obtained with snort is good enough to go, then great.

But I'd kinda doubt that happens to be the actual, true MAC address for that particular 3com network adapter card on the laptop I'll be trying to LAN boot.

And also, btw, it won't be through a router - just a point-to-point ethernet cable connection - the same as was used for "snorting" -
but good info to learn that routers don't forward MAC addresses.

Quote:
Originally Posted by lensman3 View Post
It sounds like you are doing a network boot to a diskless machine. . . . there was no way to get an IP/NIC address until the OS was running. I think the rarp protocol was implemented to do this. The arp command man page references "rarp", but there is no rarp man page.

A lot of the NIC address can be found in the /proc/net directory.
Exactly -
I need to try a point-to-point network (no router) diskless boot to rescue data off the laptop.
Fedora will be great for pulling data off another OS - but I'll need the LAN boot.
Then, I'll just install the Fedora for a 60 GB hard drive linux OS laptop.

I have tried the address resolution protocol - arp - and arping - and I also found that there was no man rarp available.
But you have now encouraged me to pursue info for using rarp further as well -
so thanks - that is what I am going to start working with this afternoon.

Surely, through the years this diskless boot situation has come up before -
rarp may be important as a solution, and I tried snort, which has been a good step as I learn this.

Thanks again.
Reply With Quote
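
Editor's added example (not written by any poster in this thread): in `snort -e` output the address left of `->` is the frame's sender and the address right of it is the destination, so FF:FF:FF:FF:FF:FF in the capture from post #1 is the Ethernet broadcast destination of a DHCP/BOOTP request. The Python sketch below pulls the sender MAC out of such request frames; the sample lines are constructed, the MACs come from the documentation range, and the function names are hypothetical.

```python
import re

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Snort -e link-layer line: "<timestamp> <src MAC> -> <dst MAC> type:0x800 len:0x156"
ETH_RE = re.compile(r"^\S+\s+([0-9A-Fa-f:]+) -> ([0-9A-Fa-f:]+) type:(0x[0-9A-Fa-f]+)")
# Snort IP line that follows it: "<src ip>:<sport> -> <dst ip>:<dport> UDP ..."
UDP_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+) UDP")


def norm_mac(mac):
    """Snort drops leading zeros (0:12:3F...); pad each octet to two hex digits."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def dhcp_clients(lines):
    """Return the source MACs of frames carrying DHCP/BOOTP client requests."""
    clients, eth = [], None
    for line in lines:
        m = ETH_RE.match(line)
        if m:
            eth = (norm_mac(m.group(1)), norm_mac(m.group(2)))
            continue
        u = UDP_RE.match(line)
        if u and eth:
            src_mac, dst_mac = eth
            # Client request: UDP 68 -> 67, sent to the Ethernet broadcast address.
            if (u.group(2), u.group(4)) == ("68", "67") and dst_mac == BROADCAST:
                if src_mac not in clients:
                    clients.append(src_mac)
            eth = None
    return clients


# Constructed sample in Snort's -e layout (not taken from the thread).
SAMPLE = """\
12/26-10:00:51.007089 0:0:5E:0:53:1A -> FF:FF:FF:FF:FF:FF type:0x800 len:0x156
0.0.0.0:68 -> 255.255.255.255:67 UDP TTL:128 TOS:0x10 ID:0 IpLen:20 DgmLen:328
12/26-10:00:52.100000 0:0:5E:0:53:2B -> 0:0:5E:0:53:1A type:0x800 len:0x4A
192.0.2.10:53 -> 192.0.2.20:40000 UDP TTL:64 TOS:0x0 ID:7 IpLen:20 DgmLen:60
""".splitlines()

if __name__ == "__main__":
    print(dhcp_clients(SAMPLE))
```

Comparing each returned address with the capturing host's own hardware address shows which machine on the cable sent the request.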