I'm on a LAN provided by an ISP. My computer has its IP address, Subnet Mask, Default Gateway, DNS Servers(using DHCP).
I just wanted to see the MAC addresses of all the computers on my LAN.
- After applying subnet mask
/18or255.255.192.0on my IP I got:182.3.64.0 - Which gives me 16384 IP addresses ranging from
182.3.64.0to182.3.127.255 - First and last IP addresses cannot be used as they are Network address and Broadcast address respectively.
- So, My subnet or local network contains 16382 hosts/computers. Right? In other words these 16382 hosts are behind single router.
I want to see the mac addresses of these hosts. SO, I pinged all of them and the picture shows the result:
My thinking:
I didn't understand why they all have same Mac Address. But now if I think little bit more about it. 16382 hosts behind a single router means too
much of broadcast traffic (ARP broadcast). Which is not desirable. At
the same time they cannot be connected to different routers because
that would mean they are on different networks. May be they are on
different VLAN (I don't know much about VLAN but I just know that it
helps reducing the broadcast traffic).
I don't understand what is my problem. Kindly identify what am I getting wrong?
EDIT: The MAC address I'm receiving is the MAC of my default gateway.
Best Answer
There could be a lot of things going on here.
In general, a subnet will not have as many nodes as it has possible node addresses. If there actually were enough hosts to fill an entire /18, you should be subnetting further, because the broadcast domain would in fact be too big.
However, I don't think this is actually what is going on. I suspect that there is some layer 2 bridging going on here, or possibly someone is MAC spoofing. A layer 2 bridge might respond to ARP with its own mac address for any IPs on the opposite side of the bridge, particularly if the interface on the other side of the bridge uses a different addressing scheme.
That said, scanning your upstream provider's subnets is generally something that should be avoided; it's often against the ToS and there is no valid operational reason for you to be doing it.