查找自己的网卡:
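#include <libnet.h>
#include <stdio.h>
#include <stdlib.h>
#include <iostream>
/* NOTE(review): pcap_if_t, pcap_findalldevs() and PCAP_ERRBUF_SIZE are declared
 * in <pcap.h>; include it here if this libnet.h does not pull it in. */

#pragma comment(lib, "libnet.lib")
#pragma comment(lib, "wsock32.lib")

/*
 * List the network interfaces reported by pcap_findalldevs(), let the
 * operator choose one by number, and open a link-layer libnet context on it.
 *
 * Returns 0 on success, -1 when no interface is found or the selection is
 * invalid, and 1 when the device list or the libnet context cannot be
 * obtained.
 */
int main(int argc, char **argv)
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d;
    int inum = 0;
    int i = 0;
    pcap_t *adhandle = NULL;            /* declared by the page; not used in the visible part */
    char errbuf[PCAP_ERRBUF_SIZE];
    char error_inf[LIBNET_ERRBUF_SIZE]; /* receives the libnet_init() failure reason */
    libnet_t *l = NULL;
    char *device = NULL;                /* device name, NULL until an adapter is selected */

    (void)argc;
    (void)argv;
    (void)adhandle;

    /* Retrieve the device list */
    if (pcap_findalldevs(&alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        return 1;
    }

    /* Print the list, one numbered entry per line */
    for (d = alldevs; d; d = d->next)
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
            printf(" (%s)\n", d->description);
        else
            printf(" (No description available)\n");
    }

    if (i == 0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }

    printf("Enter the interface number (1-%d):", i);
    /* A non-numeric answer leaves inum untouched, so force it out of range
     * instead of walking the list with an indeterminate index. */
    if (scanf("%d", &inum) != 1)
        inum = 0;
    std::cin.get();

    if (inum < 1 || inum > i)
    {
        printf("\nInterface number out of range.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        std::cout << "press ENTER to Exit";
        std::cin.get();
        return -1;
    }

    /* Jump to the selected adapter */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++)
        ;

    /* d->name points into the list owned by alldevs, so the list must stay
     * allocated for as long as `device` is in use. */
    device = d->name;
    l = libnet_init(LIBNET_LINK, device, error_inf);
    if (l == NULL)
    {
        fprintf(stderr, "libnet_init error: %s\n", error_inf);
        pcap_freealldevs(alldevs);
        return 1;
    }

    /* ... (the rest of the program is elided on the page) ... */

    libnet_destroy(l);
    pcap_freealldevs(alldevs);
    return 0;
}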
发送ARP reply:
转载:http://blog.csdn.net/qq372895101/article/details/13769631
参考:http://bbs.csdn.net/topics/360266138
注:将"eth0"替换成上面找到的d->name;
#include <stdio.h> #include <libnet.h> #define MAC_ADDR_LEN 6 #define IP_ADDR_LEN 4 //向同一网络内所有机器发送ARP REPLY包,告诉他们,23.23.23.2在00:df:17:17:17:f2那里 int main(int argc, char *argv[]) { libnet_t *l = NULL; // libnet context char *device = "eth0"; char err_buf[LIBNET_ERRBUF_SIZE]; libnet_ptag_t p_tag; unsigned char src_mac[MAC_ADDR_LEN]//自己机器的MAC地址 = {0x00, 0xdf, 0x17, 0x17, 0x17, 0xf2}; unsigned char dest_mac[MAC_ADDR_LEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; char *src_ip_str = "23.23.23.2"; unsigned long src_ip, dest_ip = 0; src_ip = libnet_name2addr4(l, src_ip_str, LIBNET_RESOLVE); // create libnet environment l = libnet_init(LIBNET_LINK_ADV, device, err_buf); if(!l) printf("libnet_init error "), exit(1); //构造ARP数据包 p_tag = libnet_build_arp( // construct arp packet ARPHRD_ETHER, // hardware type ethernet ETHERTYPE_IP, // protocol type MAC_ADDR_LEN, // mac length IP_ADDR_LEN, // protocol length ARPOP_REPLY, // op type (u_int8_t*)src_mac, // source mac addr这里作用是更新目的地的ARP表 IP-MAC (u_int8_t*)&src_ip, // source ip addr (u_int8_t*)dest_mac, // dest mac addr (u_int8_t*)&dest_ip, // dest ip addr NULL, // payload 0, // payload length l, // libnet context 0 //0 stands to build a new one ); if(-1 == p_tag) printf("libnet_build_arp error "), exit(1); //以太网头部 p_tag = libnet_build_ethernet( // create ethernet header (u_int8_t*)dest_mac, // dest mac addr (u_int8_t*)src_mac, // source mac addr这里说明你链路层的源MAC地址,如果改了可以伪装自己 ETHERTYPE_ARP, // protocol type NULL, // payload 0, // payload length l, // libnet context 0 // 0 to build a new one ); if(-1 == p_tag) printf("libnet_build_ethernet error! "), exit(1); int res; if(-1 == (res = libnet_write(l))) printf("libnet_write error! "), exit(1); libnet_destroy(l); return 0; }
send arp 也可以:
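/*********send packets*******************************/
/*
 * Write the prepared frame once per second until a write fails.
 * A steady stream of unsolicited replies for one IP address is the traffic
 * pattern that ARP-monitoring tools and switch ARP rate limits are built to
 * catch.
 */
int rc = 0;

for (;;) {
    res = libnet_write(l);
    if (res == -1) {
        fprintf(stderr, "libnet_write err! %s\n", libnet_geterror(l));
        /* Leave the loop rather than exit(0): a failure must not report
         * success, and the context below still has to be released. */
        rc = 1;
        break;
    }
    printf("arp packet has been sent\n");
    sleep(1);
}

/*********over and destroy**************************/
/* Reached only through the break above; the loop has no other exit. */
libnet_destroy(l);
return rc;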
(如果在linux下编译:gcc -o sendarp sendarp.c -lnet 执行:sudo ./sendarp)
-------------------------------------------------------------------------------------------------------------
转载:blog.csdn.net/xklxlmw/article/details/1620645
Libnet编程之arp扫描存活主机
winpcap获得本机mac和ip:http://www.cnblogs.com/xinsheng/archive/2012/04/18/2456098.html
---
经实验:
arp扫描时自己的ip和mac可以随便填,但是发送出去的arp请求的目的ip地址不能是255的广播地址(目的mac可以是全f),否则只有网关会回复arp-reply;
根据自己的ip网段从1到254定向发送arp请求,网内机器会回应一个arpreply,网关会回复多个(1或者254),本机不会回复arp。
- 交换机是否转发arp,路由器?
- 自己的网卡能够收到其发出去的arp请求?
- ip地址设为255广播地址,是否有效?
- 从1~254发送arp,如果没有回复,网关是否会将这些ip的mac指向自己?
0:网络号,255:广播,1/254:通常选做网关
网段内的主机会默认向网关发送arp请求。
经实验:
1.发送目的ip为255的广播arp时,只有网关会回复,并且将目的ip对应的mac设置成网关自己的mac
2.将目的ip设置成存活主机的ip,都没有返回。
3.pcap_next_ex()函数有3种返回值:=0是抓包超时(超时时间是在pcap_open_live()函数中设置的,到达这个时间之后,pcap_next_ex()函数的while循环就会退出),>0是正常,<0是出错。
以太网、arp帧结构:http://www.cnblogs.com/yhl1234/archive/2008/03/04/1090726.html
http://bbs.csdn.net/topics/50489131
网关、网段、arp、ping:http://www.yunsec.net/a/school/wlcs/agreement/2011/0711/9068.html
arp/rarp 工作原理:http://blog.sina.com.cn/s/blog_6e80f1390100mf59.html