2008/2/13 Mircea Vutcovici <[EMAIL PROTECTED]>:
> 2008/2/13 Radu Oprisan <[EMAIL PROTECTED]>:
> >
> > Radu Oprisan wrote:
> > > Tiberiu Ungureanu wrote:
> > >> On Wed, 2008-02-13 at 13:44 -0500, Mircea Vutcovici wrote:
> > >>
> > >>> Trimite arp request. Dar pentru asta ai nevoie de un IP. Si tocmai
> > >>> adresa de IP era necunoscuta.
> > >>> Iar eu sunt inca nedumerit cum poti trimite un arp-request daca nu
> > >>> stii ip-ul. Sau e chestie de Harry Poker?!
> > >>>
> > >>
> > >>
> > >> ** disclaimer: n-am citit threadul de la inceput, si s-ar putea sa ma
> > >> bag ca musca in lapte, fara nici o legatura cu realitatea **
> > >>
> > >> ** disclaimer2: mesajul asta se vrea un reply catre Mircea Vutcovici,
> > >> care raspunsese unui mesaj al lui Radu Oprisan, in care Radu zicea
> > >> "stiind adresa MAC, poti sa aflii adresa IP dand un arpig" **
> > >>
> > >> Mircea,
> > >>
> > >> nu trimiti arp-request, pentru ca pentru ala trebuie sa stii IP-ul.
> > >> Trimiti un Rarp-request, pentru care nu trebuie sa stii ip-ul, ci MAC-ul
> > >>
> > >> Recommended reading:
> > >> ftp://ftp.rfc-editor.org/in-notes/rfc903.txt
> > >> http://en.wikipedia.org/wiki/RARP
>
> Nici o versiune de arping nu foloseste RARP.
> Mai mult, la ora de potiuni ni s-a spus ca daca vrei sa primesti
> raspuns la un RARP request ai nevoie de un daemon numit rarpd, un
> stramos al BOOTP/DHCP.
>
> Sa citim un pic din ceaslov:
>
> NAME
> arping - send ARP REQUEST to a neighbour host
>
> SYNOPSIS
> arping [-AbDfhqUV] [-c count] [-w deadline] [-s source] -I
> interface destination
>
> DESCRIPTION
> Ping destination on device interface by ARP packets, using
> source address source.
> [...]
>
> [EMAIL PROTECTED]:~$ man arping |egrep -i 'icmp|rarp'
> [EMAIL PROTECTED]:~$
> [EMAIL PROTECTED]:~$ arping -V
> arping utility, iputils-sss20070202
>
Sa incercam cu o alta varsiune de arping:
Mai intai curatam tabela ARP sa nu zica lumea ca trisam:
[EMAIL PROTECTED]:~# arp -n
Address HWtype HWaddress Flags Mask Iface
192.168.3.2 ether 00:11:2F:58:EA:1B C eth0
[EMAIL PROTECTED]:~# arp -d 192.168.3.2
[EMAIL PROTECTED]:~# arp -n 192.168.3.2
Address HWtype HWaddress Flags Mask Iface
192.168.3.2 (incomplete) eth0
[EMAIL PROTECTED]:~$ arping
ARPing 2.01, by Thomas Habets <[EMAIL PROTECTED]>
usage: arping [ -0aAbdFpqrRv ] [ -w <us> ] [ -S <host/ip> ] [ -T <host/ip ]
[ -s <MAC> ] [ -t <MAC> ] [ -c <count> ] [ -i <interface> ]
<host/ip/MAC | -B>
[EMAIL PROTECTED]:~$ arping 00:11:2f:58:ea:1b
ARPING 00:11:2f:58:ea:1b
Ne uitam cu globul de cristal si din negura apare:
# tshark -n -i eth0 ether host 00:11:2f:58:ea:1b
1202963491.589541 192.168.3.3 -> 255.255.255.255 ICMP Echo (ping) request
1202963492.593547 192.168.3.3 -> 255.255.255.255 ICMP Echo (ping) request
Hocus pocus!
Ethernet II, Src: 00:17:31:6c:6e:9e (00:17:31:6c:6e:9e), Dst:
00:11:2f:58:ea:1b (00:11:2f:58:ea:1b)
Internet Protocol, Src: 192.168.3.3 (192.168.3.3), Dst:
255.255.255.255 (255.255.255.255)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x8130 [correct]
Identifier: 0x769b
Sequence number: 52 (0x0034)
Si nici un raspuns la broadcast. Si arata mai mult a ping(ICMP Echo)
decat arping(ARP).
Sa nu uitam de RARP: RARP nu a fost maltratat in acest experiment.
>
> > >>
> > >>
> > >>
> > >
> > > De fapt se foloseste un artificiu:
> > >
> > > if (searchmac) {
> > > // ping MAC
> > > /*
> > > * KEYWORD
> > > * What the hell was I thinking when I wrote the
> > > comment below?
> > > * -------
> > > * note: it's eth_xmas below, that's a feature. I don't
> > > want
> > > * a -t line to affect a MAC ping (even though it
> > > can't
> > > * since the lone arg is written last).
> > > * -------
> > > * Phew! Anyway, change eth_target to eth_xmas three lines
> > > * below to change it back.
> > > */
> > > if (-1 == libnet_build_ethernet(eth_target, /* <----
> > > here */
> > > eth_source,
> > > ETHERTYPE_IP,
> > > NULL,
> > > 0,
> > > packet)) {
> > > fprintf(stderr, "libnet_build_ethernet():
> > > error\n");
> > > exit(1);
> > > }
> > >
> > > libnet_build_ip(ICMP_ECHO_H, /* Size of the payload */
> > > 0, /* IP tos */
> > > rand(), /* IP ID */
> > > 0, /* frag stuff */
> > > 48, /* TTL */
> > > IPPROTO_ICMP, /* transport
> > > protocol */
> > > myip, /* source IP */
> > > dip, /* destination IP */
> > > NULL, /* pointer to
> > > payload */
> > > 0, /* payload length */
> > > packet + LIBNET_ETH_H); /* header
> > > memory */
> > >
> > > libnet_build_icmp_echo(ICMP_ECHO, /* type */
> > > 0, /* code */
> > > 4321, /* id */
> > > 6, /* seq */
> > > NULL, /* pointer to
> > > payload */
> > > 0, /* payload length */
> > > /* header memory */
> > > packet + LIBNET_ETH_H +
> > > LIBNET_IP_H);
> > >
> > >
> > >
> > >
> > >
> > > Deci... Prietenul creeaza un packet ICMP pe care il arunca inspre
> > > MAC-ul respectiv.
> > >
> > > if (searchmac) {
> > > if (-1 == pcap_compile(pcap,&bp,"icmp",0,-1)) {
> > > fprintf(stderr, "pcap_compile(): error\n");
> > > exit(1);
> > > }
> > > } else {
> > >
> > > Motivul pentru care explicam ca s-ar putea sa nu functioneze la un
> > > switch sau la un device vlan enabled este ca nu poti sa stii pe unde
> > > va trimite raspunsul.
> > >
> > > mgw ~ # /home/darku/arping-2.06/arping -i eth3.100 00:19:5B:5D:47:A2
> > > ARPING 00:19:5B:5D:47:A2
> > > 75 bytes from 195.95.255.23 (00:19:5b:5d:47:a2): icmp_seq=598
> > > time=616.388 msec
> > >
> >
> > Mentionez ca testul este facut pe un device in uz, motiv pentru care a
> > durat atat pana sa gaseasca ip-ul. Explic mai departe daca e cazul...
> >
> >
> > >
> > > case 'T': // destination IP in mac ping (default:
> > > 0xffffffff)
> > > if (-1 == (dip = libnet_name_resolve(optarg,
> > >
> > > LIBNET_RESOLVE))){
> > > fprintf(stderr, "arping: can't resolve:
> > > %s\n",
> > > optarg);
> > > exit(1);
> > > }
> > >
> > >
> > > Din cate observ... are niste "shortcommings metoda asta, dar
> > > functioneaza in general.
> > > Ma intorc la film.
> > >
> > >
> > > _______________________________________________
> > > RLUG mailing list
> > > [email protected]
> > > http://lists.lug.ro/mailman/listinfo/rlug
> >
> >
> > _______________________________________________
> > RLUG mailing list
> > [email protected]
> > http://lists.lug.ro/mailman/listinfo/rlug
> >
>
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
