与所有网络计算机通信,无论 IP 地址如何
我有兴趣找到一种方法来枚举本地网络上的所有可访问设备,无论其 IP 地址如何。例如,在 192.168.1.X 网络中,如果有一台 IP 地址为 10.0.0.X 的计算机插入网络,我希望能够检测到该恶意计算机并最好也与其通信。两台计算机都将运行此定制软件。
澄清:我们希望处理这样的情况:我们不知道单台计算机的 IP 地址是什么,并且无法保证它位于任何特定子网上。我们所知道的是,计算机物理上插入同一交换机,并且计算机分配有一个静态 IP(但该 IP 可以是任何 IP)。
我们可以远程访问网络上的一台计算机(例如 192.168.1.30),并且我们希望能够与网络上的所有其他计算机进行通信,无论它们的静态 IP 是否设置为 192.168.1。 x、10.0.0.x、10.45.21.7 等)
我意识到这是一个模糊的描述,问题的完整解决方案将会很长,所以我真的在寻求帮助,找到正确的方向(“考虑使用类 XYZ 和 ABC 以这种方式”)而不是完整的实现。
我想要这个的原因是我们公司将映像计算机运送给数千名客户,每个客户都有不同的网络设置(大多数使用相同的 IP 方案,但很大一部分不使用,并且大多数没有在其网络上启用 DHCP) 。一旦硬件到达,我们就很难将其连接到网络上,尤其是在 IP 方案不匹配的情况下,因为现场没有技术人员。理想情况下,我想设计某种可以从主工作站使用的控制台,该控制台可以查看网络,找到所有运行我们软件的计算机,显示其当前的 IP 地址,并允许您更改 IP。
编辑:除非我误解了什么,否则我认为我不能使用广播地址 255.255.255.255 来执行此操作。问题是恶意计算机没有返回原始计算机的路由,因此它会丢弃数据包。也许我误解了一些东西,但下图显示了我对会发生什么的理解。
I'm interested in finding a way to enumerate all accessible devices on the local network, regardless of their IP address. For example, in a 192.168.1.X network, if there is a computer with a 10.0.0.X IP address plugged into the network, I want to be able to detect that rogue computer and preferrably communicate with it as well. Both computers will be running this custom software.
CLARIFICATION: We want to handle the situation where we do not know what the single computer's IP address is and cannot guarantee that it's on any particular subnet. All we know is that the computer is physically plugged into the same switch and the computer has a static IP assigned to it (but that IP could be anything).
We have remote access to one computer on the network (say, 192.168.1.30), and we want to be able to communicate with all other computers on the network, regardless of whether their static IP is set to 192.168.1.x, 10.0.0.x, 10.45.21.7, etc.)
I realize that's a vague description, and a full solution to the problem would be lengthy, so I'm really looking for help finding the right direction to go in ("Look into using class XYZ and ABC in this manner") rather than a full implementation.
The reason I want this is that our company ships imaged computers to thousands of customers, each of which have different network settings (most use the same IP scheme, but a large percentage do not, and most do not have DHCP enabled on their networks). Once the hardware arrives, we have a hard time getting it up on the network, especially if the IP scheme doesn't match, since there is no one technically oriented on-site. Ideally, I want to design some kind of console to be used from their main workstation which looks out on the network, finds all computers running our software, displays their current IP address, and allows you to change the IP.
EDIT: Unless I've misunderstood something, I don't think I can use the broadcast address 255.255.255.255 to do this. the problem is that the rogue compuer doesn't have a route back to the originating computer, so it'll drop the packet. Perhaps I've misunderstood something, but the diagram below shows my understanding of what would happen.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您可以研究各种发现协议,特别是 SNMP 发现。您还可以做一些简单的事情,例如监听 UDP 广播和每台计算机,然后做出响应。请记住,所有这些解决方案都可能引入安全漏洞,而您的客户可能不会意识到这一点。
You can look into various discovery protocols, in particular SNMP discovery. You can also do something simple like listen for UDP broadcasts and each computer and then respond. Bear in mind that all these solution can introduce security holes, and your customers might not appreciate that.
您想要的是广播,这里有一篇关于它的文章:
http://www.codeproject。 com/KB/cs/BroadCasting.aspx
What you want is broadcast, here's an article about it:
http://www.codeproject.com/KB/cs/BroadCasting.aspx
您可以使用多播/广播地址与网络中的所有计算机进行通信。
您可以参考本主题了解如何在 .NET 应用程序中使用该技术:
.Net 中的多播支持
其背后的基本概念是,您的客户端将侦听该多播地址,当他们收到信息 (PING) 时,他们可以将其发回 (PONG)。
You can use the multicast/broadcast addresses to communicate with all the computer of your network.
You can refer to this topic for how to use that technology for .NET application :
Multicast support in .Net
The basic concept behind that is that your clients are going to be listening on that multicast address and when they receive information (PING) they can send it back (PONG).
根据我的经验,通常有三种方法。
拥有预定义数量的 IP 地址,计算机在联机时始终会尝试联系这些地址(例如 192.168.x.250、192.168.x.230 等),并让该计算机作为代理,您可以通过该代理连接到每个网络上的其他计算机。所说的软件将作为服务运行并且每 5 个?分钟后将重新连接到服务器以确认其仍然在线。
或者,只需迭代扫描每个 IP 地址。是的,这需要时间,不,这并不“费力”,因为我们谈论的是硬件和软件。当然,您将通过这种方式生成网络流量。而且相当多。但既然您知道可能的 IP 范围是什么,您就可以扫描它们。
第三个正在播出,但这有点不同。
这些都是蛮力技术。我会从那里开始并适当地完善。奥卡姆剃刀和所有那些乱七八糟的东西。 (是的,我意识到这确实是“没有必要就不应假定复数”,但说奥卡姆剃刀听起来更酷~我们可以尝试一下爱因斯坦吗:“让一切变得尽可能简单,但不要更简单”?)
It has been my experience that usually there are three approaches.
Have a predefined number of IP addresses that a computer will always try and contact when it comes online (say, 192.168.x.250, 192.168.x.230, etc) and let that computer be the proxy by which you can connect to every other computer on the network. Said software would be running as a service and every 5? minutes would reconnect to the server to confirm it's still online.
Alternately, just scan every IP address iteratively. Yes this takes time, no it's not "taxing", as we're talking hardware and software. You will generate network traffic this way, of course. And quite a bit of it. But since you know what the possible IP ranges are, you can scan them.
The third being broadcast, but that's a little different.
These are both brute force techniques. I would start there and refine as appropriate. Occam's Razor and all that mess. (Yes, I realize it is accurately "pluralities ought not be posited without necessity" but it sounds cooler to say Occam's Razor ~ Shall we try Einstein: "Make everything as simple as it should be, but no simpler"?)
假设您有一个与您的图片类似的测试台
10.0.0.47 有条目吗?
Assuming you have a testbed that resembles your picture
Does the 10.0.0.47 have an entry?