[Programming in linux] ARP programming and linux arp Programming

[Programming in linux] ARP programming and linux arp Programming

(Note: This part is taken from "Linux C Programming one-stop learning")

Ethernet (RFC 894) frame format

Figure 1 Ethernet packet type

The source address and destination address are the hardware address (also called the MAC address) of the network card. The length is 48 bits and is fixed at the factory of the network card. Run the ifconfig command to check that the "HWaddr 00: 15: F2: 14: 9E: 3F" part is the hardware address. The protocol field has three values, corresponding to IP, ARP, and RARP respectively. The end of the frame is a CRC check code.


The Data Length in an Ethernet frame is defined as a minimum of 46 bytes, a maximum of 1500 bytes, and a minimum of 46 bytes for ARP and RARP packets. Fill in the following bits. The maximum value of 1500 is the maximum transmission unit (MTU) over Ethernet. Different network types have different MTU. If a data packet is routed from the Ethernet to the dial-up link, if the packet length is greater than the MTU of the dialing link, fragmentation is required for the packet ). The output of the ifconfig command also contains "MTU: 1500 ". Note that the MTU concept refers to the maximum length of the payload in a data frame, excluding the length of the frame header.

During network communication, the application of the source host knows the IP address and port number of the target host, but does not know the hardware address of the target host, the packet is first received by the NIC and then processed by the upper-layer protocol. If the hardware address of the received packet is inconsistent with that of the local machine, it is discarded directly. Therefore, you must obtain the hardware address of the target host before communication. ARP plays this role. The source host sends an ARP request, asks "what is the hardware address of the host whose IP address is 192.168.0.1", and broadcasts the request to the _______ network segment (enter FF: FF for the hardware address of the Ethernet frame header: FF: FF indicates broadcast.) When the target host receives the broadcast ARP request and finds that the IP address matches the local host, it sends an ARP response packet to the source host, enter your hardware address in the response package.

Each host maintains an ARP cache table, which can be viewed using the arp-a command. The table items in the cache table have an expiration time (generally 20 minutes). If a table item is not used again within 20 minutes, the table item is invalid, next time, send an ARP request to obtain the hardware address of the target host. Think about why the table item must have an expiration time instead of being valid all the time?

Figure 2 arp packet type

Note that the source MAC address and target MAC address appear each time in the Ethernet header and ARP request. It is unnecessary for the link layer to be Ethernet, however, if the link layer is another type of network, it may be necessary. The hardware type refers to the link layer network type. 1 is Ethernet, the protocol type refers to the address type to be converted, and 0x0800 is the IP address, the length of the following two addresses is 6 and 4 (bytes) for the ethernet address and IP address respectively. The op field is 1, indicating the ARP request, and the op field is 2, indicating the ARP response.

With the basic knowledge above, we will introduce practical programming:

1. Determine the socket parameters.

According to Figure 1, we can see that although arp, rarp and ip belong to the same network layer (also known as IP layer), their data packaging is independent. Although icmp and igmp are also at the IP layer, they need ip datagram packaging. So when we create a socket for arp and rarp, we cannot use the original ip datagram (SOCK_RAW). We need the most primitive Ethernet frame packets (SOCK_PACKET ); you can select IPv4 (AF_INET) or IPv6 (AF_INET6) as needed. The arp protocol type is the same as the Ethernet frame data type, so it should be 0x0806, defined in "Ethernet Protocol ID" of linux

# Define ETH_P_ARP 0x0806

Then, we can simply think that the socket is created as: sfd = socket (AF_INET, SOCK_PACKET, htons (ETH_P_ARP ));

2. Determine the ARP packet structure

Based on Figure 2, determine the following struct

Struct arp_packet {// Ethernet header unsigned char ap_dstmac [6]; // 6 bytes unsigned char ap_srcmac [6]; // 6 bytes unsigned short ap_frame; // 2 bytes // arp unsigned short ap_hwtype; // 2 bytes: hardware address type unsigned short ap_prototype; // 2 bytes: Software address type unsigned char ap_hwlen; // 1 byte: hardware address length: unsigned char ap_prolen; // 1 byte: Software address length: unsigned short ap_op; // 2 byte: Operation Type: unsigned char ap_frommac [6]; // 6 bytes unsigned char ap_fromip [4]; // 4 bytes unsigned char ap_tomac [6]; // 6 bytes unsigned char ap_toip [4]; // 4 bytes // 18 Bytes: Fill in the byte, because Ethernet data requires at least 46 bytes of unsigned char ap_padding [18];};

3. Obtain the local IP address and mac address

Linux provides ioctl parameters obtained from mac addresses and IP addresses;

#define SIOCGIFADDR 0x8915      /* get PA address       */#define SIOCSIFADDR 0x8916      /* set PA address       */#define SIOCSIFHWADDR   0x8924      /* set hardware address     */#define SIOCGIFHWADDR   0x8927      /* Get hardware address     */

Before obtaining the mac address and IP address of the local machine, we need to tell ioctl that we want to obtain the NIC parameters:

struct ifreq  eth;strcpy(eth.ifr_name,"eth0");/* Get eth0 Hardware Address */int ret = ioctl(fds,SIOCGIFHWADDR, ð);if(ret < 0){perror("Get Hardware Address Fail:");goto close_socket;}/* Get eth0 IP Address */ret = ioctl(fds, SIOCGIFADDR, ð);if(ret < 0){perror("Get IP Address Fail:");goto close_socket;}unsigned char mac_addr[6];memcpy(mac_addr,eth.ifr_hwaddr.sa_data,6);/* In "struct sockaddr",ip address starts from 'sa_data' two bytes later*/unsigned char ip_addr[4];memcpy(ip_addr,eth.ifr_addr.sa_data+2,4);

4. Fill in data packets

struct arp_packet arp_in;bzero(&arp_in,sizeof(struct arp_packet));unsigned char broadcast_mac[6] = {0xff,0xff,0xff,0xff,0xff,0xff};memcpy(arp_in.ap_dstmac,broadcast_mac,6);memcpy(arp_in.ap_srcmac,mac_addr,6);arp_in.ap_frame = htons(ETH_P_ARP);arp_in.ap_hwtype = htons(0x0001);arp_in.ap_prototype = htons(ETH_P_IP);arp_in.ap_hwlen = 6;arp_in.ap_prolen = 4;arp_in.ap_op = htons(0x0001);//0x0001-ARP req 0x0002-ARP Replymemcpy(arp_in.ap_frommac,mac_addr,6);memcpy(arp_in.ap_fromip,ip_addr,4);

5. Data and reception

In this case, the mac address of the other party is unknown, and the data is also sent as broadcast mode.

So at this time, we only need to tell the underlying layer that we need to use that Nic to send.

struct sockaddr eth;eth.sa_family = AF_INET;strcpy(eth.sa_data,"eth0");ret = sendto(fds,&arp_in,sizeof(struct arp_packet),0, (struct sockaddr *)ð,sizeof(struct sockaddr));if(ret < 0){perror("Send Reqire ARP Packet Fail:");goto close_socket;}struct arp_packet arp_rc;socklen_t slen = sizeof(struct sockaddr);bzero(&arp_rc,sizeof(struct arp_packet));ret = recvfrom(fds,&arp_rc,sizeof(struct arp_packet),0,   (struct sockaddr *)ð,&slen);if(ret < 0){perror("Receive Replay ARP Packet Fail:");goto close_socket;}....close_socket;close(fds);return (ret > 0 ? 1 : ret);

6. The problem ends here. The test results are as follows:

-----------------------------Sendto----------------------------Dest MAC:FF:FF:FF:FF:FF:FFSRC  MAC:00:22:15:67:F8:16HW  TYPE:0806From    :210.42.158.204To      :210.42.158.212ARP   OP:0100-----------------------------recvfrom-------------------------Dest MAC:00:22:15:67:F8:16SRC  MAC:00:E0:4C:DC:AA:1EHW  TYPE:0806From    :210.42.158.212To      :210.42.158.204ARP   OP:0200

As for ARP attacks, I tested it a little and I still can. However, many computers do not use arp protection, firewall, or arp attacks.

For the sake of social security, I will not post the arp attack code here.

If you have any questions, please leave a message! Thank you!

How to configure the java programming environment in linux

Software developed in pure java can also be used in linux. First, you need to configure the java environment in linux. Specifically, You need to configure jdk environment variables.
This section describes how to configure jdk environment variables in linux.

First, install jdk in linux. If you are prompted that the permission is insufficient (and root prompts that the permission is insufficient), run the # ls-l filename command to check whether the command is similar to the following:

Indicates that no user has the executable permission (even the root user ).

Solution:

# Chmod a + x filename

After installation, you can configure the environment variables. Three optional methods are provided:

1. Modify the/etc/profile file

This method is recommended when the local machine is used only for development, because the shell of all users has the right to use these environment variables during this configuration, which may bring security issues to the system.

Open/etc/profile in a text editor and add the following content to the end of the profile file:

JAVA_HOME =/usr/share/jdk1.5.0 _ 05
PATH = $ JAVA_HOME/bin: $ PATH
CLASSPATH =.: $ JAVA_HOME/lib/dt. jar: $ JAVA_HOME/lib/tools. jar
Export JAVA_HOME
Export PATH
Export CLASSPATH

Log on again.

Ii. Modify the. bashrc File

This method is more secure. It can control the permissions to use these environment variables to the user level. To grant a user permission to use these environment variables, you only need to modify the permissions in the home directory of the user. you can use the bashrc file.

Open the. bashrc file in the user directory in a text editor and add the following content to the end of the. bashrc file:

Set JAVA_HOME =/usr/share/jdk1.5.0 _ 05
Export JAVA_HOME
Set PATH = $ JAVA_HOME/bin: $ PATH
Export PATH
Set CLASSPATH =.: $ JAVA_HOME/lib/dt. jar: $ JAVA_HOME/lib/tools. jar
Export CLASSPATH

Log on again.

3. directly set variables in shell

This method is not recommended because it is invalid if you change the shell. This method is only for temporary use. It will be troublesome to reset it later.

Run the following command on the shell terminal:

Export JAVA_HOME =/usr/share/jdk1.5.0 _ 05
Export PATH = $ JAVA_HOME/bin: $ PATH
Export CLASSPATH =.: $ JAVA_HOME/lib/dt. jar: $ JAVA_HOME/lib/tools. jar

Note:

1. Change/usr/share/jdk1.5.0 _ 05jdk to the jdk installation directory.
2. Use the colon (:) to separate paths in linux
3. $ PATH/$ CLASSPATH/$ JAVA_HOME is used to reference the original environment variable value. When setting the environment variable, pay special attention not to overwrite the original value.
4. The current directory "." In CLASSPATH cannot be lost.
5. export exports the three variables as global variables.
6. The case must be strict... the remaining full text>

Installation of programming environment in Linux

1. During the installation process, you will be prompted to select the appropriate software package for installation. What programming environment do you mean by which language is the programming environment? Is it with ui?
2. There is no such complete set as you said. You need to find the driver for your own video. QQ only has QQ for linux (not maintained), and linux has its own chat tool (iptux, pidgin, etc ). For the decompression software, if it is not for extracting rar, zip, and other windows compression formats, linux has its own compression format and decompression commands, which are all built-in. To decompress the compressed files in windows, you can install rar for linux. Linux has a high security level for anti-virus. Viruses are basically targeted at windows systems and are not prone to viruses in linux. Pdf Format linux can also be seen, all by the corresponding software. No. The input method is scim. You only need to install the corresponding driver, and any hardware can be driven.