4

I am looking for a way to retrieve the MAC address of a specific host on a LAN network. I know its IPv6 address. Ideally I would like a way to trigger the Linux Kernel to perform the neighbor solicitation for me, then I could retrieve the host MAC address through the command ip -6 neighbour

Right now, the only way I found to trigger a neighbor solicitation is to try to establish a TCP connection to the host on a random port. But I do not find this solution really pretty:

curl --connect-timeout 1 "http://[fe80::1234%eth0]:12345"
djoproject
  • 147
  • 2
  • 7

2 Answers2

5
ndisc6 -1 fe80::1234 eth0

Replace eth0 with the correct interface name, of course.

ephemient
  • 1,420
  • 1
  • 11
  • 8
  • 1
    Worked perfectly. Note that that command line option is the number one, not the letter l. – Michael Hampton Oct 04 '20 at 23:52
  • This command need to be installed, it is part of the package ndisc6. I am looking for a method that need nothing extra to be installed. Furthermore, ndisc6 does not trigger NDP inside the kernel but does everything on its own. So the its result won't be visible through `ip -6 neighbour` – djoproject Oct 05 '20 at 07:27
  • @djoproject You'll have to install something, even if it's just `ping`. – Michael Hampton Oct 06 '20 at 01:41
  • @MichaelHampton Sorry I should have be more clear. For my final usage, this action will be in scripts on a user session without the right to install anything. It will be on an Ubuntu distribution or something similar, so every tools like ping, ip, netstat, etc. are installed by default. It is just not the case for ndisc6. – djoproject Oct 06 '20 at 07:33
2

Due to your requirement for this to be reflected in the kernel's neighbors, and your reluctance to install software, try ICMP echo:

ping -c 1 fe80::1234%eth0

Does not really matter what protocol you attempt, so long as it is IP based.

If you are willing to install software, nmap has discovery features. Here is a NDP only scan, output to a XML file (and stdout) which includes the link layer address:

nmap -sn -PR -oX /tmp/lladdr.xml -6 fe80::1234%eth0

Apparently, this type of nmap scan tickles the kernel to do neighbor discovery, as in testing I see it reappear under ip neigh.

John Mahowald
  • 30,009
  • 1
  • 17
  • 32
  • Why do you perform a ping before calling nmap ? By the way, `nmap -6 -sn -PR fe80::1234%eth0 2> /dev/null 1>&2` matches my requirements, it is available on systems where I am running the script and it uses the Linux kernel to perform the NDP. Thanks! – djoproject Oct 06 '20 at 07:50
  • I gave you two independent options. Sometimes, knowing a tool with less features is useful because it already is installed everywhere. – John Mahowald Oct 06 '20 at 21:43