构造arp数据包并将其发送到本地linux但没有回复

时间:2017-04-21 08:58:10

标签: linux sockets networking arp

我构建了具有随机ip和MAC地址的ARP数据包(例如,172.29.26.152和0x52,0x54,0x4C,0x00,0x08,0x00)。 在我的电脑上运行该程序。 因此程序将数据包发送到我自己的NIC(ip:172.29.26.102)eth0以获取其MAC地址。 但我没有收到eth0的回复。 我使用tcpdump -i lo -n -XX并且不显示任何数据包。我可以使用tcpdump -i eth0 host 172.29.26.152 -n -XX构建数据包。 为什么主持人没有回复?非常感谢你!

代码:

#define _GNU_SOURCE

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <net/ethernet.h>
#include <unistd.h>

void packarp(char *mymac, char *tarmac, int *tarip, int *myip, char *opcode, char *arppack)
{
    char eth_type[2] = {0x00,0x01};   
    char por_type[2] = {0x08,0x00};     
    char type[2] = {0x08, 0x06};        
    char eth_length = 6;        
    char por_length = 4;        

    memset(arppack, 0, 42);                 
    memcpy(arppack, tarmac, 6);             
    memcpy(arppack + 6, mymac, 6);          
    memcpy(arppack + 12, type, 2);         
    memcpy(arppack + 14, eth_type, 2);    
    memcpy(arppack + 16, por_type, 2);      
    memcpy(arppack + 18, &eth_length, 1);   
    memcpy(arppack + 19, &por_length, 1);   
    memcpy(arppack + 20, opcode, 2);        
    memcpy(arppack + 22, mymac, 6);          
    memcpy(arppack + 28, myip, 4);          
    if (!(opcode[0] == 0x00 && opcode[1] == 0x01)) {
        memcpy(arppack + 32, tarmac, 6);        
    }
    memcpy(arppack + 38, tarip, 4);         
}

int main(int argc, char *argv[])
{
    char mymac[6] = {0x52,0x54,0x4C,0x00,0x08,0x00};
    char tarmac[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    char recvarp[42] = {0};
    char sendarp[42] = {0};
    int tarip;
    int myip;
    char opcode[2];
    int sock_fd,p;
    struct sockaddr addr;

    if (argc < 4) {
        return EXIT_FAILURE;
    }

    myip = inet_addr(argv[3]);
    tarip = inet_addr(argv[2]);
    opcode[0] = 0x00;
    opcode[1] = 0x01;

    packarp(mymac, tarmac, &tarip, &myip, opcode, sendarp);

    if ((sock_fd = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL))) < 0) {
        perror("Open Socket");
        return EXIT_FAILURE;
    }

    memset(&addr, 0, sizeof(addr));
    strncpy(addr.sa_data, argv[1], sizeof(addr.sa_data));
    socklen_t len = sizeof(addr);


    while(1) {
        if (sendto(sock_fd, sendarp, 42, 0, &addr, len) == 42) {
            for(p = 0; p < 42;p++)
              {
                printf("%02x ",(unsigned char)sendarp[p]);
              }
            printf(".\nSend ARP packet successful.\n\n");
        } else {
            perror("sendto");
            return EXIT_FAILURE;
        }

        if (recvfrom(sock_fd, recvarp, 42, 0, &addr, &len) == 42) {
            if (!memcmp((void *)recvarp + 28, (void *)sendarp + 38, 4)) {
                memcpy(tarmac, recvarp + 22, 6);
                printf("Succeed to get MAC address.\n");
                break;
            }
        }


        for(p = 0; p < 42;p++)
              {
                printf("%02x ",(unsigned char)recvarp[p]);
              }
        printf(".\n\n");

        sleep(1);
    }

    opcode[0] = 0x00;
    opcode[1] = 0x01;
    packarp(mymac, tarmac, &tarip, &myip, opcode, sendarp);

    while(1) {
        if (sendto(sock_fd, sendarp, 42, 0, &addr, len) == 42) {
            for(p = 0; p < 42;p++)
              {
                printf("%02x ",(unsigned char)sendarp[p]);
              }
            printf("Succeed to send ARP Spoofing. \n");
        } else {
            perror("sendto");
            return EXIT_FAILURE;
        }
        sleep(1);
    }

    close(sock_fd);

    return EXIT_SUCCESS;
}

1 个答案:

答案 0 :(得分:0)

您的代码是正确的,它能够向/从远程计算机发送和接收ARP数据包。问题是您正在尝试发送本地IP地址的ARP请求。

创建的ARP请求传递给网络驱动程序并发送到物理层。网络驱动程序将数据包作为刚刚发送的传出数据包处理。线路另一端的交换机或任何设备不会将ARP请求转发回接收它的接口。

因此本地操作系统永远不会收到ARP请求,也无法响应。 tcpdump捕获并显示传出的ARP请求。没有来一个。