Teach you how to switch ARP packets (1) [one of the game series of data packets]

Http://blog.csdn.net/piggyxp/archive/2004/05/31/19606.aspx

BeforeYan

First of all, I would like to thank Dr. Lu huchuan, a senior network security expert, and Limin, a friend of VC's online version, for providing information and help ^_^

Jing
I often see some people in the forum asking questions about data packet interception and analysis. Fortunately, I also know a little about this. So I want to write a series of articles to discuss in detail the knowledge about data packets ,, I want
The series of articles can popularize the knowledge about data packets, so each article in this series will have a simple and in-depth explanation, detailed analysis, and coding steps, in addition, the source code with detailed comments is attached (I provide the source code of MFC to take care of most of my friends ).

However, because it is also a beginner, we still hope to correct the omissions.

This article embodies the painstaking efforts of the author. If you want to reprint it, please specify the original author and its source. Thank you! Pai_^

OK,. Let's go! Have fun !! Q ^_^ P

Article 1Teach you how to playARPPackage 

Directory:

IBasic knowledge about ARP

1. 1. How ARP works
2. 2. ARP packet format

Author:

Csdn VC/MFC Network Programming piggyxp pai_^

I.AboutARPBasic protocol knowledge 

1. How ARP works

I didn't want to repeat all the basic knowledge about ARP here, but to maintain the integrity of the article and take care of beginners, I will read some text. Senior readers can skip this section.

We all know that Ethernet devices, such as NICs, all have their own unique MAC addresses. They transmit Ethernet packets using MAC addresses, but they cannot recognize the IP addresses in our IP packets, therefore, we need a protocol for IP communication over Ethernet to establish the correspondence between the IP address and the MAC address, so that IP packets can be sent to a specific place. This is ARP (Address Resolution Protocol, Address Resolution Protocol ).

In the command line window, enter

ARP-

Let's take a look at the effect.

210.118.45.100 00-0b-5f-e6-c5-d7 dynamic

It is the correspondence between IP addresses and MAC addresses stored in our computer. Dynamic indicates that it is an entry temporarily stored in the ARP cache, after a period of time, it will time out and be deleted (the XP/2003 system is 2 minutes ).

In this way, when our computer needs to communicate with a machine such as 210.118.45.1, it will first check the ARP cache to check whether there are corresponding ARP entries. If not, it sends an Ethernet recordARP request packetBroadcast queries the corresponding MAC address of 210.118.45.1. Of course, every computer in the network will receive this request packet, but they find that 210.118.45.1 is not their own and will not respond accordingly, 210.118.45.1 will reply to our computerARP response packetThe MAC address is XX-xx, so the ARP cache of our computer will be refreshed accordingly, with one more:

210.118.45.1 XX-xx dynamic

Why is there such an ARP cache? If there is no cache, we need to send a broadcast query address for each IP packet. Isn't it a waste of bandwidth and resources?

Moreover, our network devices cannot identify the authenticity of ARP packets. If we send packets in ARP format, the computer will respond accordingly as long as the information is valid.

Imagine if we refresh the list in our ARP cache based on the corresponding content of the ARP response package, isn't it possible for us to play some ARP packet tricks in a network without security protection? In the subsequent articles, I will teach you how to fill in and send ARP packets, but don't worry. Let's continue to learn some basic knowledge. ^_^

2.ARP packet format

Now that we want to make our own ARP package, we must first learn the format of the ARP package.

From the bottom layer of the network, an ARP packet is divided into two parts. The first one isPhysical Frame HeaderThe other one isARPFrame.

First, the physical frame header will exist in front of any protocol data packet, which is called the DLC header because the frame header is constructed at the data link layer, in addition, the main content is the physical address of the receiving and receiving sides for hardware device identification.

DLC Header
Field	Length (byte)	Default Value	Remarks
Receiver Mac	6		The value is FF-FF during broadcast.
Sender MAC	6
Ethertype	2	Zero X 0806	0x0806 is the type of ARP frame.

Figure 1 Physical Frame Header Format

Figure 1 shows the format of the Physical Frame header that needs to be filled. We can see that what needs to be filled is the physical address of the sending end and the receiving end. Is it very simple?

Next, let's take a look at the format of ARP frames.

ARP Frame
Field	Length (byte)	Default Value	Remarks
Hardware type	2	0x1	Ethernet Type Value
Upper-layer protocol type	2	Zero X 0800	The upper layer protocol is the IP protocol.
MAC address Length	1	0x6	The length of the Ethernet MAC address is 6.
IP address Length	1	0x4	The IP address length is 4.
Operation Code	2		0x1 indicates the ARP request packet, and 0x2 indicates the response packet.
Sender MAC	6
Sender IP	4
Receiver Mac	6
Receiver IP Address	4
Fill data	18		Because the minimum length of a physical frame is 64 bytes, the first 42 bytes plus four CRC verification bytes are 18 bytes apart.

Figure 2 ARP frame format

We can see that what we need to fill in is also Mac, IP, plus a 1 or 2 operation code.

..................

========================================================== ====================================

Dizzy, I wanted to finish sending it in one breath. I didn't expect this word to reach the 64 K limit. I don't know if it is the relationship between the colored word and the table. No way, I have to split the article into four or five-_-B. Let's talk about it next time.

Please look forward to the following :)