Implement ARP packet broadcast in C language + libnet in Ubuntu

Source: Internet
Author: User
Recently, ARP attacks in the school dormitories have been rampant, and most of them are host-spoofing ARP attacks. After every attack it takes at least half a day for the whole dormitory building to get back online (each dormitory building on our side is its own network segment; ours is 23.254/22). I once captured the ARP attack packets. While the LAN was under attack, I captured this: a host broadcasts an ARP packet whose content is "10.1.23.254 is at xxxxxxxx" (that is, an incorrect gateway MAC; our gateway is 10.1.23.254), and the entire building is disconnected for a long time.

There is nothing to be done. Most people do not understand MAC binding and are not aware of active defense. Binding the MAC protects only my own machine, and I can only watch the LAN go down. The night before the Dragon Boat Festival holiday we were attacked again. However, all the administrators in the network center were on holiday, so we were simply cut off from the network for three days!

I am really angry!

By chance, I saw that the author of the ARP entry on Baidu Encyclopedia recommends something called "Xinxiang full ARP tool", which is said to have an active maintenance function, that is, it broadcasts the correct gateway and MAC address to the network. I thought this function sounded quite good, so I downloaded it and tried it. It is Windows software and I usually use Ubuntu, so I had to try it on a classmate's machine. We could not get online anyway, so it was a last-ditch attempt. I didn't expect that the thing would have to scan the network before any other feature could be used. Fine, let it scan; that should be very fast (using nmap in Linux to scan the network segment 10.1.23.254/22 finishes in about half a minute). I didn't expect the broken thing to know my network segment, but it scanned everything from 10.0.0.0 to 10.254.254.254!! It took nearly an hour! After the scan completed, I couldn't wait to use the "active maintenance" function. I didn't expect it to let me enter the gateway and MAC myself, and a pop-up window said the MAC could not be found (nonsense; presumably it reads the ARP table. We are all under ARP attack, so even if the ARP table has a MAC for the gateway, it is not the correct one. I really don't know how the author designed this!). Then I tried to bind the MAC address manually (I know the correct MAC address, because the network center publishes it on its website). I didn't expect that the binding would not work on Windows 7, and I don't know why; running CMD with administrator privileges did not work, and neither did writing a batch file! I had to restart the system, and when I opened the tool again, it said it had to scan again!!

I am angry! A scan is required before every operation. If each scan takes an hour, the LAN is paralyzed in the meantime and nothing gets maintained at all!

Later, I found that my network port was dead, with no signal (not the network interface of the machine that ran the scan, but the wall port through which the machine reaches the network! There are only two network ports in each dormitory room, and all of us share them through switches. XD!). It had been blocked by the network center!! Presumably the traffic during the scan was too large: a slow scan would have been fine, but with so many addresses to scan I had enabled the maximum scan speed (I thought the network center was on holiday; did they write scripts to block high-traffic ports automatically?! Blocking the port is the worst way to do it. Just block the MAC!). I would like a word with the author of the ARP entry on Baidu Encyclopedia! Every broken thing gets put into the encyclopedia!!

I also know that some P2P software on Windows can send such packets, but I am worried that it is insecure or that I would be noticed (although I mean well, it is a bit of a hack after all). So let's stop bothering with Windows and write it on Linux!

First of all, I don't want to do bad things. I also hope that my friends who read this blog don't want to do bad things!

I only provide the code to implement the most basic functions. A slight modification can also implement many other functions (the gateway of my LAN is 10.1.23.254, and its MAC address is 00:1c:f9:6a:4c:00).

The code is as follows (sendarp.c):

    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>   /* sleep() */
    #include <libnet.h>

    int main(void)
    {
        int res;
        /********** Init params *****************/
        libnet_t *l;                  /* libnet handle */
        libnet_ptag_t p_tag;
        char *device = "eth0";
        char err_buff[LIBNET_ERRBUF_SIZE];
        char *src_ip_str = "10.1.23.254";
        char *dest_ip_str = "0.0.0.0";
        u_char src_mac[6] = {0x00, 0x1c, 0xf9, 0x6a, 0x4c, 0x00};
        u_char dest_mac[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
        uint32_t src_ip;              /* 32-bit IPv4 address, network byte order */
        uint32_t dest_ip;

        /*********** Init libnet *****************/
        l = libnet_init(
            LIBNET_LINK_ADV,
            device,
            err_buff
        );
        if (l == NULL)
        {
            printf("libnet_init err!\n");
            fprintf(stderr, "%s", err_buff);
            exit(EXIT_FAILURE);
        }

        /* Convert the addresses only after libnet_init(), so the handle is valid */
        src_ip = libnet_name2addr4(l, src_ip_str, LIBNET_RESOLVE);
        dest_ip = libnet_name2addr4(l, dest_ip_str, LIBNET_RESOLVE);

        /********** Build arp packet ************/
        p_tag = libnet_build_arp(
            ARPHRD_ETHER,             /* Hardware type: Ethernet */
            ETHERTYPE_IP,             /* Protocol type */
            6,                        /* Length of MAC */
            4,                        /* Length of IP */
            ARPOP_REPLY,              /* ARP operation type */
            src_mac,
            (u_int8_t *)&src_ip,
            dest_mac,
            (u_int8_t *)&dest_ip,
            NULL,                     /* Payload */
            0,                        /* Payload size */
            l,                        /* libnet handle */
            0                         /* '0' means build a new packet */
        );
        if (p_tag == -1)
        {
            printf("libnet_build_arp err!\n");
            exit(EXIT_FAILURE);
        }

        /*********** Build ethernet packet header *************/
        p_tag = libnet_build_ethernet(
            dest_mac,
            src_mac,
            ETHERTYPE_ARP,
            NULL,
            0,
            l,
            0
        );
        if (p_tag == -1)
        {
            printf("libnet_build_ethernet err!\n");
            exit(EXIT_FAILURE);
        }

        /*********** Send the packet once per second *************/
        for (;;)
        {
            if ((res = libnet_write(l)) == -1)
            {
                printf("libnet_write err!\n");
                exit(EXIT_FAILURE);
            }
            printf("arp packet has been sent\n");
            sleep(1);
        }

        /********* Over and destroy **************************/
        libnet_destroy(l);
        return 0;
    }

Compile in the terminal:

    gcc -o sendarp sendarp.c -lnet

Run: sudo ./sendarp

Packet capture during running:

PS: 1. The above code also generally works on Windows, but the header files are included differently. If you are interested, you can look into installing, configuring, and using libnet on Windows.

2. The line char *device = "eth0" in the code names the default wired network interface in Linux; if you change "eth0" to "wlan0", it uses the default wireless network interface. In fact, I tested it on a wireless network (for fear of affecting the wired LAN), so I got a bunch of IP addresses that do not correspond to the gateway 10.1.23.254.
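
A detection-side counterpart to the sender above, as an added example that is not part of the original post: it classifies a raw Ethernet frame and flags any ARP packet that claims the gateway IP 10.1.23.254 with a MAC other than 00:1c:f9:6a:4c:00. The function and enum names and the sample frames are constructed for this example, and untagged Ethernet is assumed.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Known-good binding from the post: 10.1.23.254 is at 00:1c:f9:6a:4c:00 */
static const uint8_t GW_IP[4]  = {10, 1, 23, 254};
static const uint8_t GW_MAC[6] = {0x00, 0x1c, 0xf9, 0x6a, 0x4c, 0x00};

enum arp_verdict { NOT_ARP, MALFORMED, OTHER_HOST, GATEWAY_OK, GATEWAY_SPOOFED };

/* Classify one untagged Ethernet frame; requests and replies are both checked,
   because either kind can overwrite a neighbour's ARP cache entry. */
enum arp_verdict check_gateway_arp(const uint8_t *f, size_t len)
{
    /* htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4 */
    static const uint8_t want[6] = {0x00, 0x01, 0x08, 0x00, 6, 4};
    if (len < 14) return MALFORMED;
    if (f[12] != 0x08 || f[13] != 0x06) return NOT_ARP;   /* EtherType ARP */
    if (len < 42 || memcmp(f + 14, want, 6) != 0) return MALFORMED;
    if (memcmp(f + 28, GW_IP, 4) != 0) return OTHER_HOST; /* sender IP */
    /* ARP sender MAC (offset 22) and Ethernet source MAC (offset 6) must both
       be the gateway's real address. */
    if (memcmp(f + 22, GW_MAC, 6) != 0 || memcmp(f + 6, GW_MAC, 6) != 0)
        return GATEWAY_SPOOFED;
    return GATEWAY_OK;
}

/* Fill a 42-byte buffer with a constructed sample: broadcast "ip is at mac". */
size_t make_sample(uint8_t *out, const uint8_t ip[4], const uint8_t mac[6])
{
    static const uint8_t arp_hdr[8] = {0x00, 0x01, 0x08, 0x00, 6, 4, 0x00, 0x02};
    memset(out, 0xff, 6);             /* Ethernet destination: broadcast */
    memcpy(out + 6, mac, 6);          /* Ethernet source */
    out[12] = 0x08; out[13] = 0x06;   /* EtherType ARP */
    memcpy(out + 14, arp_hdr, 8);     /* fixed header, opcode 2 (reply) */
    memcpy(out + 22, mac, 6);         /* sender MAC */
    memcpy(out + 28, ip, 4);          /* sender IP */
    memset(out + 32, 0xff, 6);        /* target MAC */
    memset(out + 38, 0x00, 4);        /* target IP 0.0.0.0, as in sendarp.c */
    return 42;
}

int main(void)
{
    static const uint8_t bad_mac[6] = {0x02, 0x11, 0x22, 0x33, 0x44, 0x55}; /* constructed */
    static const char *name[] = {"not ARP", "malformed", "other host", "gateway ok", "GATEWAY SPOOFED"};
    uint8_t frame[42];
    size_t n = make_sample(frame, GW_IP, GW_MAC);
    printf("correct binding: %s\n", name[check_gateway_arp(frame, n)]);
    n = make_sample(frame, GW_IP, bad_mac);
    printf("wrong gateway MAC: %s\n", name[check_gateway_arp(frame, n)]);
    return 0;
}
```

The same function can be fed frames from any capture source; only the two constants need to match the local gateway.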
