0

I am sorry for my bad English. There is a simple Java server for controlling a smart house. I would like to organize a security check using a list of trusted mac addresses. The server will accept if client's mac address is trusted.

Well I have run into a problem. I can't get any client's mac at all and I have no any idea how to do it. Help me please :(

PS: I use standard java nio libs.

My code:

    ServerSocketChannel ssc = (ServerSocketChannel) key.channel();
    SocketChannel client = ssc.accept();

    char [] tempIP = client.socket().getInetAddress().toString().toCharArray();
    StringBuilder temp = new StringBuilder ();
    for (char ch : tempIP) {
        if (ch == '/')
            continue;
        temp.append(ch);
    }

    String clientIP = temp.toString();
    System.out.println(clientIP);
    InetAddress address = InetAddress.getByName(clientIP);
    NetworkInterface ni = NetworkInterface.getByInetAddress(address);
    if (ni != null) {
        byte [] mac = ni.getHardwareAddress();
        if (mac != null) {
            for (int i=0; i!=mac.length; i++) {
                System.out.format("%02X%s", mac[i], (i < mac.length - 1) ? "-" : "");

            }
        } else {
            System.out.println("Address doen't not exist or is not accessiable");
        }
    } else {
        System.out.println("Network Interface for the specified address is not found!");
    }

    client.configureBlocking(false);
    client.setOption(StandardSocketOptions.SO_KEEPALIVE, true);
    client.setOption(StandardSocketOptions.TCP_NODELAY, true);
    client.register(selector, SelectionKey.OP_READ);
    System.out.println("Client is connected!");
Thom
  • 14,013
  • 25
  • 105
  • 185
Mikhail Dedyukhin
  • 69
  • 1
  • 5
  • The code runs on the server side? – zhh Jul 22 '18 at 12:25
  • Yes! I can't just get client's mac address. – Mikhail Dedyukhin Jul 22 '18 at 12:35
  • You are finding ```NetworkInterface``` by the client ip on the server side. You should find ```NetworkInterface``` on the client side and send the client mac to server via socket. – zhh Jul 22 '18 at 12:39
  • Thanks, is there not any opportunity to get mac address on server at all? :( – Mikhail Dedyukhin Jul 22 '18 at 12:44
  • As far as I know you can't. Mac address is not contained in the tcp/udp packet. You can get mac on the client side and send it to the server side and then validate. – zhh Jul 22 '18 at 12:46
  • One way to set up trust is to use encryption and signatures to allow holders of specific private/public keys to connect. e.g. as SSL does. – Peter Lawrey Jul 22 '18 at 12:46
  • 1
    @zhh This is fine for collecting this information but it's as secure as asking for a user name. – Peter Lawrey Jul 22 '18 at 12:47
  • Thank you all! I will try ^) – Mikhail Dedyukhin Jul 22 '18 at 13:04
  • If you can access the server's local ARP cache, that will tell you the MAC address that corresponds to an IP address for a machine on the local network. However, if the client IP is routed through a gateway, the true MAC address won't be available. (And since a client may be able to *change* its MAC address, it is not very useful anyway ... as Peter points out.) – Stephen C Jul 22 '18 at 13:38

0 Answers0