You can refer to a very good book "Internetworking with TCP/IP by Douglas E Comer" Vol II
Here are a few code lines based on that book. The code is a bit ugly but you will definitely help you if you do try.
Regards,
Nitesh
#define AR_HARDWARE 1
#define AR_REQUEST 1
#define AR_REPLY 2
#define AR_REPLY 2
#define ARP_LEN 8
class CARP {
public:
WORD ar_hwtype; // Hardware Type
WORD ar_prtype; // Protocol Type
BYTE ar_hwlen; // Hardware Length
BYTE ar_prlen; // Protocol Length
WORD ar_op; // Operation
BYTE ar_addrs[1];// Address
class CARP {
public:
WORD ar_hwtype; // Hardware Type
WORD ar_prtype; // Protocol Type
BYTE ar_hwlen; // Hardware Length
BYTE ar_prlen; // Protocol Length
WORD ar_op; // Operation
BYTE ar_addrs[1];// Address
void h2net() { // Host to net
ar_hwtype=hs2net(ar_hwtype);
ar_prtype=hs2net(ar_prtype);
ar_op =hs2net(ar_op);
}
};
ar_hwtype=hs2net(ar_hwtype);
ar_prtype=hs2net(ar_prtype);
ar_op =hs2net(ar_op);
}
};
#define SHA(p) (&p->ar_addrs[0]) // Source Hardware Address
#define SPA(p) (&p->ar_addrs[p->ar_hwlen]) // Source Protocol Address
#define THA(p) (&p->ar_addrs[p->ar_hwlen + p->ar_prlen]) // Target Hardware Address
#define TPA(p) (&p->ar_addrs[(p->ar_hwlen*2) + p->ar_prlen])// Target Protocol Address
#define SPA(p) (&p->ar_addrs[p->ar_hwlen]) // Source Protocol Address
#define THA(p) (&p->ar_addrs[p->ar_hwlen + p->ar_prlen]) // Target Hardware Address
#define TPA(p) (&p->ar_addrs[(p->ar_hwlen*2) + p->ar_prlen])// Target Protocol Address
#define ARP_TIMEOUT 600
#define ARP_INF 0x7fffffff
#define ARP_RESEND 1
#define ARP_MAXRETRY 4
#define MAXHWALEN 6
#define MAXPRALEN 4
#define MAXPRALEN 4
#include "PacketQueue.h"
//Possible values for CARPEntry::ae_state
#define AS_FREE 0
#define AS_PENDING 1
#define AS_RESOLVED 2
#define AS_FREE 0
#define AS_PENDING 1
#define AS_RESOLVED 2
class CARPEntry {
public:
BYTE ae_state; // State
WORD ae_hwtype; // Hardware Type
WORD ae_prtype; // Protocol Type
BYTE ae_hwlen; // Hardware Length
BYTE ae_prlen; // Protocol Length
CPacketQueue* PacketQueue;// Packet Queue
int ae_attempts; // Number of attempts
int ae_ttl; // Time to live
BYTE ae_hwa[MAXHWALEN]; // Hardware Address
BYTE ae_pra[MAXPRALEN]; // Protocol Address
public:
BYTE ae_state; // State
WORD ae_hwtype; // Hardware Type
WORD ae_prtype; // Protocol Type
BYTE ae_hwlen; // Hardware Length
BYTE ae_prlen; // Protocol Length
CPacketQueue* PacketQueue;// Packet Queue
int ae_attempts; // Number of attempts
int ae_ttl; // Time to live
BYTE ae_hwa[MAXHWALEN]; // Hardware Address
BYTE ae_pra[MAXPRALEN]; // Protocol Address
CARPEntry() {
ae_state = AS_FREE;
PacketQueue = NULL;
}
};
ae_state = AS_FREE;
PacketQueue = NULL;
}
};
void CInterface::OnARPIn(struct pcap_pkthdr* header, u_char* pkt_data) {
CEthernet* Ethernet = (CEthernet*)pkt_data;
CARP* ARP=(CARP*)(pkt_data+ETHERNET_LEN);
ARP->h2net();
CEthernet* Ethernet = (CEthernet*)pkt_data;
CARP* ARP=(CARP*)(pkt_data+ETHERNET_LEN);
ARP->h2net();
CARPEntry* pae;
if(pae=ARPFind(SPA(ARP), ARP->ar_prtype)) {
memcpy(pae->ae_hwa, SHA(ARP), pae->ae_hwlen);
pae->ae_ttl=ARP_TIMEOUT;
}
memcpy(pae->ae_hwa, SHA(ARP), pae->ae_hwlen);
pae->ae_ttl=ARP_TIMEOUT;
}
//if(!memcmp(TPA(ARP), Device->IP, IP_ALEN)) return OK;
if(!pae) pae=ARPAdd(ARP);
if(pae->ae_state==AS_PENDING) {
pae->ae_state=AS_RESOLVED;
ARPQSend(pae);
}
pae->ae_state=AS_RESOLVED;
ARPQSend(pae);
}
if(ARP->ar_op == AR_REQUEST) { //If it's an ARP request...send a fake response
//TRY USING FILTER LATER
//TRY USING FILTER LATER
//BYTE ARP_TIP[4]; // Target IP in ARP packet
DWORD ARP_TIP; // Target IP in ARP packet
memcpy((BYTE*)&ARP_TIP, TPA(ARP), 4);
memcpy((BYTE*)&ARP_TIP, TPA(ARP), 4);
// BYTE MASK[4];
// pcap_addr_t* a=d->addresses;
// memcpy(MASK, &(((struct sockaddr_in *)a->netmask)->sin_addr.S_un.S_un_b), 4);
//
// for(int i=0; i<4; ++i) MASK[i]=~MASK[i];
// for(i=0; i<4; ++i) MASK[i]=MASK[i] & ARP_TIP[i];
// BYTE Host=(BYTE)MASK[3];
// pcap_addr_t* a=d->addresses;
// memcpy(MASK, &(((struct sockaddr_in *)a->netmask)->sin_addr.S_un.S_un_b), 4);
//
// for(int i=0; i<4; ++i) MASK[i]=~MASK[i];
// for(i=0; i<4; ++i) MASK[i]=MASK[i] & ARP_TIP[i];
// BYTE Host=(BYTE)MASK[3];
if(ARP_TIP>=MinIP && ARP_TIP<=MaxIP) {
ARP->ar_op = AR_REPLY;
BYTE Temp[NI_MAXPRA];
memcpy(Temp, TPA(ARP), ARP->ar_prlen);
memcpy(THA(ARP), SHA(ARP), ARP->ar_hwlen);
memcpy(TPA(ARP), SPA(ARP), ARP->ar_prlen);
memcpy(SHA(ARP), MAC, ARP->ar_hwlen);
memcpy(SPA(ARP), Temp, ARP->ar_prlen);
memcpy(Ethernet->ethSrc, MAC, ARP->ar_hwlen);
memcpy(Ethernet->ethDest, THA(ARP), ARP->ar_hwlen);
memcpy(Ethernet->ethDest, THA(ARP), ARP->ar_hwlen);
int size = ETHERNET_LEN + ARP_LEN + ARP->ar_hwlen*2 + ARP->ar_prlen*2;
Ethernet->h2net();
ARP->h2net();
Send(pkt_data, size);
Log.Write("Sent out fake ARP");
}
}
}
Ethernet->h2net();
ARP->h2net();
Send(pkt_data, size);
Log.Write("Sent out fake ARP");
}
}
}
ForSpam <[EMAIL PROTECTED]> wrote:
I followed your advice and studied an ARP packet with Ethereal but still I
don't get along with constructing and sending an ARP packet.
So could someone please send me a code snipet which shows how to create and
send an arp packet?
thanks again
alexander g.
At 13:54 13.09.2003, you wrote:
>Use Ethereal and see how it's structured. It's a simple protocol.
>
>Daniel
>----- Original Message -----
>From: "ForSpam" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Friday, September 12, 2003 8:12 PM
>Subject: [WinPcap-users] creating and sending arp packet
>
>
> > Hallo everybody,
> >
> > Can someone explain me how I can create and send an ARP Packet with
>WinpCap?
> > I found no helpfull resource on the net.
> >
> > Thanks and Greetings
> > Alexander G.
> >
> >
> >
> > ==================================================================
> > This is the WinPcap users list. It is archived at
> > http://www.mail-archive.com/[EMAIL PROTECTED]/
> >
> > To unsubscribe use
> > mailto: [EMAIL PROTECTED]
> > ==================================================================
> >
>
>
>
>
>==================================================================
> This is the WinPcap users list. It is archived at
> http://www.mail-archive.com/[EMAIL PROTECTED]/
>
> To unsubscribe use
> mailto: [EMAIL PROTECTED]
>==================================================================
==================================================================
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/[EMAIL PROTECTED]/
To unsubscribe use
mailto: [EMAIL PROTECTED]
==================================================================
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
