Linux上抓arp包,linux c arp协议分析一 - 捕捉局域网内的arp包

一、实验步骤:

1.假设监听方IP为192.168.1.33

2.假设arp请求发起方的IP为192.168.250(原文如此;该地址只有三段,实验时请换成与监听方处于同一网段的完整IPv4地址)

3.在192.168.1.33中开启catcharppacket

4.在192.168.250上使用ping命令:ping 192.168.1.33

5.观察catcharppacket的输出

二、实验结论(捕获的arp包的格式):

1.mac_target:长度6,host byte order

2.mac_source:长度6,host byte order

3.ethertype:长度2,network byte order

4.hw_type:长度2,network byte order

5.proto_type:长度2,network byte order

6.mac_addr_len:长度1,host byte order

7.ip_addr_len:长度1,host byte order

8.operation_code:长度2,network byte order

9.mac_sender:长度6,host byte order

10.ip_sender:长度4,network byte order

11.mac_receiver:长度6,host byte order

12.ip_receiver:长度4,network byte order

三、实验目的

了解arp包的格式,为下一步自制arp包做准备,请见下一节《linux c arp协议分析二 - 打造并发送自己的arp包》

catcharppacket源码:

#include

#include

#include

#include

#include

#include

#include

#include

#include

#include

/*
 * Layout of one Ethernet frame carrying an ARP message. main() receives
 * straight into an object of this type, so member order and sizes must match
 * the wire format exactly.
 *
 * NOTE(review): the struct is not declared packed. Every member is either an
 * unsigned char array or an unsigned short that lands on an even offset, so
 * common ABIs should add no padding (60 bytes with ETH_ALEN == 6 and 2-byte
 * shorts) -- confirm on the target compiler before relying on it.
 *
 * The unsigned short members hold the bytes exactly as received; the printing
 * code converts them with ntohs() before display.
 */
struct arp_packet
{
    //DLC Header

    //Destination MAC of the Ethernet frame
    unsigned char mac_target[ETH_ALEN];

    //Source MAC of the Ethernet frame
    unsigned char mac_source[ETH_ALEN];

    //Ethertype - 0x0806 is the type value for ARP frames
    unsigned short ethertype;

    //ARP Frame

    //Hardware type - 0x1 for Ethernet
    unsigned short hw_type;

    //Upper-layer protocol type - IP (0x0800)
    unsigned short proto_type;

    //Length of a MAC address
    unsigned char mac_addr_len;

    //Length of an IP address
    unsigned char ip_addr_len;

    //Operation code - 0x1 is an ARP request, 0x2 is a reply
    unsigned short operation_code;

    //Sender MAC
    unsigned char mac_sender[ETH_ALEN];

    //Sender IP
    unsigned char ip_sender[4];

    //Receiver MAC
    unsigned char mac_receiver[ETH_ALEN];

    //Receiver IP
    unsigned char ip_receiver[4];

    //Padding bytes (not printed by print_arp_packet)
    unsigned char padding[18];
};

/* Report the failed call named by pre through perror(), then exit(1). */
void die(const char*pre);

/* Print every header field of one captured frame to stdout (padding excluded). */
void print_arp_packet(struct arp_packet ap);

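/*
 * Open a raw AF_PACKET socket restricted to ARP frames and print every frame
 * that arrives. The loop never terminates on its own; stop the program with a
 * signal.
 *
 * Creating an AF_PACKET socket requires CAP_NET_RAW (in practice: run as
 * root), otherwise socket() fails and die("socket") reports it.
 */
int main()
{
    int sfd;
    struct sockaddr_ll my_etheraddr;
    struct arp_packet rcvBuffer;

    /*
     * Shortest frame that still fills every field print_arp_packet() reads:
     * the whole struct minus its trailing padding. Frames may be delivered
     * without that padding, so the padding itself is not required.
     */
    const ssize_t min_len =
        (ssize_t)(sizeof(rcvBuffer) - sizeof(rcvBuffer.padding));

    sfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP));
    if (-1 == sfd) {
        die("socket");
    }

    /* sizeof on the object: a bare "sizeof(sockaddr_ll)" is not valid C. */
    memset(&my_etheraddr, 0, sizeof(my_etheraddr));
    my_etheraddr.sll_family = AF_PACKET;
    my_etheraddr.sll_protocol = htons(ETH_P_ARP);

    /*
     * sll_ifindex is an interface index, not a flag word. The earlier code
     * stored IFF_BROADCAST here, which merely selected whichever interface
     * happened to carry that number. 0 binds to all interfaces.
     */
    my_etheraddr.sll_ifindex = 0;

    if (-1 == bind(sfd, (struct sockaddr *)&my_etheraddr, sizeof(my_etheraddr))) {
        die("bind");
    }

    while (1) {
        ssize_t got = recv(sfd, &rcvBuffer, sizeof(rcvBuffer), 0);

        /* Best effort, as before: a failed receive is skipped, not fatal. */
        if (got == -1) {
            continue;
        }

        /*
         * Length check on untrusted input: a truncated frame would leave the
         * tail of rcvBuffer holding bytes from an earlier packet (or never
         * written at all), and those would be printed as if they were part of
         * this one.
         */
        if (got < min_len) {
            continue;
        }

        print_arp_packet(rcvBuffer);
    }

    return 0;
}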

/*
 * Fatal-error helper: print pre followed by the description of the current
 * errno value (via perror), then terminate the process with exit status 1.
 * Never returns.
 */
void die(const char *pre)
{
    perror(pre);
    exit(1);
}

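/* Print label, then the ETH_ALEN bytes at mac as 0xNN:0xNN:...:0xNN. */
static void print_mac(const char *label, const unsigned char *mac)
{
    printf("%s", label);
    for (int i = 0; i < ETH_ALEN; i++) {
        /* Literal format string; the separator is passed as an argument. */
        printf("%s0x%.2x", i > 0 ? ":" : "", mac[i]);
    }
}

/* Print label, then the 4 address bytes at ip in dotted-quad form. */
static void print_ipv4(const char *label, const unsigned char *ip)
{
    struct in_addr addr;

    /*
     * Copy rather than cast: reading an unsigned char array through a
     * struct in_addr pointer violates strict aliasing and assumes an
     * alignment the array does not guarantee.
     */
    memcpy(&addr, ip, sizeof(addr));
    printf("%s%s", label, inet_ntoa(addr));
}

/*
 * Dump one captured frame to stdout, field by field.
 *
 * ap is taken by value. The 16-bit fields are converted with ntohs() before
 * printing; MAC and IP fields are printed byte by byte in the order received.
 * The padding member is not printed.
 *
 * All values are shown exactly as received. ARP has no authentication, so the
 * sender MAC/IP printed here are claims made by whoever sent the frame, not
 * verified facts. mac_addr_len and ip_addr_len are printed but not checked;
 * the address fields are always read at their fixed struct sizes.
 */
void print_arp_packet(struct arp_packet ap)
{
    printf("\n\n-----------------arp package begin--------------------------\n");

    print_mac("mac_target = ", ap.mac_target);
    print_mac("\nmac_source = ", ap.mac_source);

    printf("\nethertype = 0x%x", ntohs(ap.ethertype));
    printf("\nhw_type = 0x%x", ntohs(ap.hw_type));
    printf("\nproto_type = 0x%x", ntohs(ap.proto_type));
    printf("\nmac_addr_len = 0x%x", ap.mac_addr_len);
    printf("\nip_addr_len = 0x%x", ap.ip_addr_len);
    printf("\noperation_code = 0x%x", ntohs(ap.operation_code));

    print_mac("\nmac_sender = ", ap.mac_sender);
    print_ipv4("\nip_sender = ", ap.ip_sender);

    print_mac("\nmac_receiver = ", ap.mac_receiver);
    print_ipv4("\nip_receiver = ", ap.ip_receiver);

    printf("\n-----------------arp package end----------------------------\n");
}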
