Linux Network Programming--Raw socket instance: MAC address scanner

Source: Internet
Author: User

If A (192.168.1.1) sends a packet to B (192.168.1.2), it needs B's IP address, the port, and the protocol in use (TCP/UDP), and in addition B's MAC address, because every Ethernet frame must carry a MAC address. So how does A learn B's MAC address? The answer: it uses the ARP protocol to get the other machine's MAC address.


ARP, the Address Resolution Protocol, is part of the TCP/IP protocol suite and is primarily used to look up the MAC address that belongs to a specified IP address.


The requester sends the request as a broadcast, and the responder sends the reply back as a unicast. When the reply is received, the IP address and physical address are stored in the local ARP cache and kept for a certain amount of time; the next request consults the ARP cache directly to conserve resources.


For example, when machine A wants the MAC address of machine B, A broadcasts an ARP request packet, and every host on the same LAN as A receives it. Each machine compares its own IP address with the destination IP in the request packet and discards the packet if they differ. As a result only machine B meets the condition, and B sends an ARP reply packet to A alone, carrying the MAC address that corresponds to B's IP. When A receives the reply, it stores B's IP and the corresponding MAC address in its local ARP cache.


Viewing the ARP cache table on Linux: arp



Viewing the ARP cache table in Windows: arp -a



ARP Header


1. Dest MAC: Destination MAC address
2. Src MAC: Source MAC address
3. Frame type: 0x0806
4. Hardware type: 1 (Ethernet)
5. Protocol type: 0x0800 (IP address)
6. Hardware address length: 6
7. Protocol address length: 4
8. Op: 1 (ARP request), 2 (ARP reply), 3 (RARP request), 4 (RARP reply)
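
The header fields listed above, checked one by one before any address is read out of a received frame. This is an added example, not code from the original article; parse_arp, struct arp_info and the sample frame (with its MAC and IP values) are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARP_FRAME_LEN 42   /* 14-byte Ethernet header + 28-byte ARP packet */

struct arp_info {
    uint16_t op;           /* 1 = ARP request, 2 = ARP reply */
    char sender_mac[18];   /* "aa:bb:cc:dd:ee:ff" */
    char sender_ip[16];    /* dotted quad */
};

static uint16_t be16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 and fills *out for a well-formed Ethernet/IPv4 ARP frame, -1 otherwise. */
int parse_arp(const unsigned char *f, size_t len, struct arp_info *out)
{
    if (len < ARP_FRAME_LEN) return -1;            /* truncated: never index past len */
    if (be16(f + 12) != 0x0806) return -1;         /* frame type must be ARP */
    if (be16(f + 14) != 1) return -1;              /* hardware type: Ethernet */
    if (be16(f + 16) != 0x0800) return -1;         /* protocol type: IP */
    if (f[18] != 6 || f[19] != 4) return -1;       /* hardware/protocol address lengths */
    out->op = be16(f + 20);
    if (out->op != 1 && out->op != 2) return -1;   /* accept only ARP request/reply */
    snprintf(out->sender_mac, sizeof out->sender_mac, "%02x:%02x:%02x:%02x:%02x:%02x",
             f[22], f[23], f[24], f[25], f[26], f[27]);
    snprintf(out->sender_ip, sizeof out->sender_ip, "%d.%d.%d.%d",
             f[28], f[29], f[30], f[31]);
    return 0;
}

/* Constructed sample reply (not captured traffic): 192.168.1.2 answers 192.168.1.1. */
static const unsigned char sample_reply[ARP_FRAME_LEN] = {
    0x02,0,0,0,0,0x01,  0x02,0,0,0,0,0x02,  0x08,0x06,   /* dst MAC, src MAC, frame type */
    0x00,0x01, 0x08,0x00, 0x06, 0x04, 0x00,0x02,         /* htype, ptype, hlen, plen, op */
    0x02,0,0,0,0,0x02,  192,168,1,2,                     /* sender MAC, sender IP */
    0x02,0,0,0,0,0x01,  192,168,1,1                      /* target MAC, target IP */
};

int main(void)
{
    struct arp_info a;
    if (parse_arp(sample_reply, sizeof sample_reply, &a) == 0)
        printf("op=%d ip:%s - mac:%s\n", a.op, a.sender_ip, a.sender_mac);
    return 0;
}
```

A socket opened with ETH_P_ALL delivers every frame on the interface, so a frame that is not ARP can still have the value 2 at offset 21; the frame-type and length checks are what keep such a frame from being reported as a reply.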


In the next example the virtual machine (Ubuntu) gets the MAC address of the PC:

Check the IP and MAC addresses of Ubuntu first:



The complete code is as follows:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>            // bzero
#include <unistd.h>             // close
#include <net/if.h>             // struct ifreq
#include <sys/ioctl.h>          // ioctl, SIOCGIFINDEX
#include <sys/socket.h>
#include <netinet/ether.h>      // ETH_P_ALL
#include <netpacket/packet.h>   // struct sockaddr_ll
#include <netinet/in.h>

int main(int argc, char *argv[])
{
    // 1. Create the raw socket used for communication (needs root or CAP_NET_RAW)
    int sock_raw_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (sock_raw_fd == -1) {
        perror("socket");
        return 1;
    }

    // 2. Build the datagram to send according to the protocol header formats
    unsigned char send_msg[1024] = {
        //-------------- Ethernet header (MAC) --------------
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, // dst_mac: ff:ff:ff:ff:ff:ff
        0x00, 0x0c, 0x29, 0x97, 0xc7, 0xc1, // src_mac: 00:0c:29:97:c7:c1
        0x08, 0x06,                         // type: 0x0806 ARP protocol
        //-------------- ARP --------------
        0x00, 0x01, 0x08, 0x00,             // hardware type 1 (Ethernet address), protocol type 0x0800 (IP)
        0x06, 0x04, 0x00, 0x01,             // hardware and protocol address lengths 6 and 4, op (1: ARP request, 2: ARP reply)
        0x00, 0x0c, 0x29, 0x97, 0xc7, 0xc1, // sender's MAC address
        10, 221, 0, 11,                     // sender's IP address
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // destination MAC address (0, because it is what we want to learn)
        10, 221, 20, 10                     // destination IP address
    };

    // 3. Data initialization
    struct sockaddr_ll sll;  // raw socket address structure
    struct ifreq ethreq;     // network interface address
    strncpy(ethreq.ifr_name, "eth0", IFNAMSIZ); // specify the NIC name

    // 4. Assign the network interface to the raw socket address structure
    if (ioctl(sock_raw_fd, SIOCGIFINDEX, (char *)&ethreq) == -1) {
        perror("ioctl");
        close(sock_raw_fd);
        return 1;
    }
    bzero(&sll, sizeof(sll));
    sll.sll_family = AF_PACKET;
    sll.sll_ifindex = ethreq.ifr_ifindex;

    // 5. Send the ARP request packet: 14-byte Ethernet header + 28-byte ARP packet = 42 bytes
    int len = sendto(sock_raw_fd, send_msg, 42, 0, (struct sockaddr *)&sll, sizeof(sll));
    if (len == -1) {
        perror("sendto");
    }

    // 6. Receive the ARP reply from the other machine
    unsigned char recv_msg[1024] = {0};
    ssize_t n = recvfrom(sock_raw_fd, recv_msg, sizeof(recv_msg), 0, NULL, NULL);
    // ETH_P_ALL delivers every frame, so confirm length and frame type before reading the op field
    if (n >= 42 && recv_msg[12] == 0x08 && recv_msg[13] == 0x06 && recv_msg[21] == 2) { // ARP reply
        char resp_mac[18] = ""; // MAC address in the ARP reply
        char resp_ip[16] = "";  // IP address in the ARP reply
        sprintf(resp_mac, "%02x:%02x:%02x:%02x:%02x:%02x",
                recv_msg[22], recv_msg[23], recv_msg[24], recv_msg[25], recv_msg[26], recv_msg[27]);
        sprintf(resp_ip, "%d.%d.%d.%d", recv_msg[28], recv_msg[29], recv_msg[30], recv_msg[31]);
        printf("IP:%s - MAC:%s\n", resp_ip, resp_mac);
    }

    close(sock_raw_fd);
    return 0;
}

The results of the program run as follows:



To view your PC's network card information:



The following example gets the MAC addresses of all machines in the specified network segment:

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>             // intptr_t
#include <string.h>
#include <strings.h>            // bzero
#include <unistd.h>             // sleep
#include <net/if.h>             // struct ifreq
#include <sys/ioctl.h>          // ioctl, SIOCGIFADDR
#include <sys/socket.h>
#include <netinet/ether.h>      // ETH_P_ALL
#include <netpacket/packet.h>   // struct sockaddr_ll
#include <pthread.h>
#include <netinet/in.h>

void *send_arp_ask(void *arg);

int main(int argc, char *argv[])
{
    // 1. Create the raw socket used for communication (needs root or CAP_NET_RAW)
    int sock_raw_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (sock_raw_fd == -1) {
        perror("socket");
        return 1;
    }

    // 2. Create the sending thread
    pthread_t tid;
    pthread_create(&tid, NULL, send_arp_ask, (void *)(intptr_t)sock_raw_fd);

    while (1) {
        // 3. Receive ARP replies from the other machines
        unsigned char recv_msg[1024] = "";
        ssize_t n = recvfrom(sock_raw_fd, recv_msg, sizeof(recv_msg), 0, NULL, NULL);
        // ETH_P_ALL delivers every frame, so confirm length and frame type before reading the op field
        if (n >= 42 && recv_msg[12] == 0x08 && recv_msg[13] == 0x06 && recv_msg[21] == 2) { // ARP reply
            char resp_mac[18] = ""; // MAC address in the ARP reply
            char resp_ip[16] = "";  // IP address in the ARP reply
            sprintf(resp_mac, "%02x:%02x:%02x:%02x:%02x:%02x",
                    recv_msg[22], recv_msg[23], recv_msg[24], recv_msg[25], recv_msg[26], recv_msg[27]);
            sprintf(resp_ip, "%d.%d.%d.%d", recv_msg[28], recv_msg[29], recv_msg[30], recv_msg[31]);
            printf("IP:%s - MAC:%s\n", resp_ip, resp_mac);
        }
    }
    return 0;
}

void *send_arp_ask(void *arg)
{
    int i = 0;
    int sock_raw_fd = (int)(intptr_t)arg;

    // 1. Build the datagram to send according to the protocol header formats
    unsigned char send_msg[1024] = {
        //-------------- Ethernet header (MAC) --------------
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, // dst_mac: ff:ff:ff:ff:ff:ff
        0x00, 0x0c, 0x29, 0x75, 0xa6, 0x51, // src_mac: 00:0c:29:75:a6:51
        0x08, 0x06,                         // type: 0x0806 ARP protocol
        //-------------- ARP --------------
        0x00, 0x01, 0x08, 0x00,             // hardware type 1 (Ethernet address), protocol type 0x0800 (IP)
        0x06, 0x04, 0x00, 0x01,             // hardware and protocol address lengths 6 and 4, op (1: ARP request, 2: ARP reply)
        0x00, 0x0c, 0x29, 0x75, 0xa6, 0x51, // sender's MAC address
        172, 20, 226, 12,                   // sender's IP address
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // destination MAC address (0, because it is what we want to learn)
        172, 20, 226, 11                    // destination IP address
    };

    // 2. Data initialization
    struct sockaddr_ll sll;  // raw socket address structure
    struct ifreq ethreq;     // network interface address
    strncpy(ethreq.ifr_name, "eth0", IFNAMSIZ); // specify the NIC name

    // 3. Assign the network interface to the raw socket address structure
    ioctl(sock_raw_fd, SIOCGIFINDEX, (char *)&ethreq);
    bzero(&sll, sizeof(sll));
    sll.sll_family = AF_PACKET;
    sll.sll_ifindex = ethreq.ifr_ifindex;

    // 4. Get the IP address of the local machine
    if (!(ioctl(sock_raw_fd, SIOCGIFADDR, (char *)&ethreq))) {
        unsigned int num = ntohl(((struct sockaddr_in *)(&ethreq.ifr_addr))->sin_addr.s_addr);
        for (i = 0; i < 4; i++) {
            send_msg[31 - i] = num >> 8 * i & 0xff; // pack the sender IP address
        }
    }

    // 5. Get the MAC address of the local machine's eth0
    if (!(ioctl(sock_raw_fd, SIOCGIFHWADDR, (char *)&ethreq))) {
        for (i = 0; i < 6; i++) {
            // pack src_mac and the sender MAC address
            send_msg[22 + i] = send_msg[6 + i] = (unsigned char)ethreq.ifr_hwaddr.sa_data[i];
        }
    }

    while (1) {
        int num[4] = {0};
        unsigned char input_buf[1024] = "";

        // 6. Get the network segment to scan (for example 172.20.226.0)
        printf("input_dst_network:172.20.226.0\n");
        if (fgets((char *)input_buf, sizeof(input_buf), stdin) == NULL) {
            break; // end of input
        }
        sscanf((char *)input_buf, "%d.%d.%d.", &num[0], &num[1], &num[2]); // destination IP address

        // 7. Pack the network entered on the keyboard into the frame
        for (i = 0; i < 4; i++)
            send_msg[38 + i] = num[i]; // pack the destination IP address

        // 8. Send an ARP request to host addresses 1~254
        for (i = 1; i < 255; i++) {
            send_msg[41] = i;
            // 14-byte Ethernet header + 28-byte ARP packet = 42 bytes
            int len = sendto(sock_raw_fd, send_msg, 42, 0, (struct sockaddr *)&sll, sizeof(sll));
            if (len == -1) {
                perror("sendto");
            }
        }
        sleep(1);
    }
    return NULL;
}

The results of the program run as follows:


