linux c arp协议分析一 - 捕捉局域网内的arp包

解析ARP包结构与Linux ARP协议实现

最新推荐文章于 2023-10-14 22:33:17 发布

最新推荐文章于 2023-10-14 22:33:17 发布 · 622 阅读

文章标签：

#操作系统

本文详细介绍了ARP包的基本格式，并通过提供Linux环境下捕获ARP包的源码，深入探讨了ARP协议的工作原理及其实现细节。旨在帮助读者理解ARP通信过程，为后续的网络编程和协议开发打下坚实基础。

一、实验步骤：

1.假设监听方IP为192.168.1.33

2.假设arp请求发起方的IP为192.168.250

3.在192.168.1.33中开启catcharppacket

4.在192.168.250上使用ping命令：ping 192.168.1.33

5.观察catcharppacket的输出

二、实验结论（捕获的arp包的格式）：

1.mac_target：长度6，host byte order

2.mac_source：长度6，host byte order

3.ethertype：长度2，network byte order

4.hw_type：长度2，network byte order

5.proto_type：长度2，network byte order

6.mac_addr_len：长度1，host byte order

7.ip_addr_len：长度1，host byte order

8.operation_code：长度2，network byte order

9.mac_sender：长度6，host byte order

10.ip_sender：长度4，network byte order

11.mac_receiver：长度6，host byte order

12.ip_receiver：长度4，network byte order

三、实验目的

了解arp包的格式，为下一步自制arp包做准备，请见一下节《linux c arp协议分析二 - 打造并发送自己的arp包》

catcharppacket源码:

#include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/types.h> #include <sys/socket.h> #include <net/if.h> #include <arpa/inet.h> #include <netpacket/packet.h> #include <net/ethernet.h> #include <net/if_arp.h> struct arp_packet { //DLC Header //接收方mac unsigned char mac_target[ETH_ALEN]; //发送方mac unsigned char mac_source[ETH_ALEN]; //Ethertype - 0x0806是ARP帧的类型值 unsigned short ethertype; //ARP Frame //硬件类型 - 以太网类型值0x1 unsigned short hw_type; //上层协议类型 - IP协议(0x0800) unsigned short proto_type; //MAC地址长度 unsigned char mac_addr_len; //IP地址长度 unsigned char ip_addr_len; //操作码 - 0x1表示ARP请求包,0x2表示应答包 unsigned short operation_code; //发送方mac unsigned char mac_sender[ETH_ALEN]; //发送方ip unsigned char ip_sender[4]; //接收方mac unsigned char mac_receiver[ETH_ALEN]; //接收方ip unsigned char ip_receiver[4]; //填充数据 unsigned char padding[18]; }; void die(const char*pre); void print_arp_packet(struct arp_packet ap); int main() { int sfd; char buf[1024]; struct sockaddr_ll my_etheraddr; struct arp_packet rcvBuffer; sfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP)); if(-1 == sfd) { die("socket"); } memset(&my_etheraddr, 0, sizeof(sockaddr_ll)); my_etheraddr.sll_family = AF_PACKET; my_etheraddr.sll_protocol = htons(ETH_P_ARP); my_etheraddr.sll_ifindex = IFF_BROADCAST; if(-1 == bind(sfd, (struct sockaddr *)&my_etheraddr, sizeof(my_etheraddr))){ die("bind"); } while(1) { if(-1 == recv(sfd, &rcvBuffer, sizeof(rcvBuffer), 0)) continue; print_arp_packet(rcvBuffer); } return 0; } void die(const char*pre) { perror(pre); exit(1); } void print_arp_packet(struct arp_packet ap) { printf("\n\n-----------------arp package begin--------------------------\n"); printf("mac_target = "); for(int i = 0; i < ETH_ALEN; i++) { printf(i > 0 ? ":0x%.2x" : "0x%.2x", ap.mac_target[i]); } printf("\nmac_source = "); for(int i = 0; i < ETH_ALEN; i++) { printf(i > 0 ? ":0x%.2x" : "0x%.2x", ap.mac_source[i]); } printf("\nethertype = 0x%x", ntohs(ap.ethertype)); printf("\nhw_type = 0x%x", ntohs(ap.hw_type)); printf("\nproto_type = 0x%x", ntohs(ap.proto_type)); printf("\nmac_addr_len = 0x%x", ap.mac_addr_len); printf("\nip_addr_len = 0x%x", ap.ip_addr_len); printf("\noperation_code = 0x%x", ntohs(ap.operation_code)); printf("\nmac_sender = "); for(int i = 0; i < ETH_ALEN; i++) { printf(i > 0 ? ":0x%.2x" : "0x%.2x", ap.mac_sender[i]); } printf("\nip_sender = %s", inet_ntoa(*(struct in_addr*)(ap.ip_sender))); printf("\nmac_receiver = "); for(int i = 0; i < ETH_ALEN; i++) { printf(i > 0 ? ":0x%.2x" : "0x%.2x", ap.mac_receiver[i]); } printf("\nip_receiver = %s", inet_ntoa(*(struct in_addr*)(ap.ip_receiver))); printf("\n-----------------arp package end----------------------------\n"); }

转载请注明出处：http://blog.youkuaiyun.com/xiaodao1986/article/details/6619813